What is the difference between built-in protection and Turning Defender On for Office 365?

Kaloyan Marinov 1 Reputation point
2022-03-02T12:50:13.28+00:00

Hello, I see EICAR files being locked regardless of whether I turn Defender on or not, because of the built-in protection, I know. But does turning off Defender make any difference? Can anyone explain this to me, please?

Let me just share my experience with testing EICAR with and without Defender ON. In another forum I was answered like so:

"
Safe Attachments for SharePoint, OneDrive, and Microsoft Teams helps detect and block existing files that are identified as malicious in team sites and document libraries.

If you turn it off, SharePoint Online admins may not prevent people from downloading malicious files. And your files will not be scanned and those malicious files will not be identified.
"

So some say if I turn off Defender (Safe Attachments), the file will be downloadable - yes, because built-in protection itself does not prohibit downloading the file; prohibition of downloading the file is possible with Defender on too, UNLESS by using Defender + prohibiting the downloading of the file via the shell script that you could use as an addition to it.

Also, it was mentioned that if Defender is turned off the files will not be scanned and those malicious files will not be identified - I think this is not true because I have never had a case where the EICAR file was not locked.

Please clear this one up for me, thank you!

Best Regards,
Kaloyan


1 answer

  1. Catherine Kyalo 1,075 Reputation points Microsoft Employee
    2024-04-09T19:19:52.4433333+00:00

    Microsoft 365 has built-in protection features that help in securing your data and network from potential threats. These features work continuously in the background to protect your data from malware, viruses, phishing attempts, and other malicious activities.

    On the other hand, Microsoft Defender for Office 365 (previously known as Office 365 Advanced Threat Protection) is an additional service that provides more robust protection against advanced threats.

    1. EICAR files: The EICAR file is a safe file used to test the response of computer antivirus (AV) programs. Even if Microsoft Defender is turned off, Microsoft 365 built-in protection might detect and block this file because it's designed to respond to such known test cases.
    2. Safe Attachments: This is a feature of Microsoft Defender for Office 365. If you turn off Defender, the Safe Attachments feature will not work. This means that if a user tries to download a malicious file, there's no additional layer of scanning provided by Safe Attachments. The file might still get blocked by the built-in protections, but you're removing an additional layer of security by turning off Defender.
    3. Prohibiting the downloading of files: As you mentioned, prohibiting file downloads is a separate feature that can be configured through your SharePoint or OneDrive settings. It's not directly linked to whether Defender is on or off.
    4. Scanning of files: Built-in protections do scan files for known threats. However, Microsoft Defender for Office 365 provides a more thorough and sophisticated scanning mechanism, capable of detecting zero-day threats and providing detailed reporting. If you turn off Defender, you lose this additional level of protection and analysis.