Exchange Online Protection & Microsoft Defender for Office 365

EnterpriseArchitect 5,581 Reputation points
2022-06-30T13:40:16.337+00:00

Hi All,

May I know, what is the difference between Exchange Online Protection & Microsoft Defender for Office 365?

As per my understanding, all of my mailboxes are protected with Exchange Online Protection, so I wonder what's the purpose of adding Defender for Office 365 Plan 1 or 2 to all of my users in addition to the existing EOP?

I cannot see the feature comparison for both product, just this article that mentions it together: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,697 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,763 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,981 questions
0 comments No comments
{count} votes

Accepted answer
  1. Paul A Caldwell 86 Reputation points Microsoft Vendor
    2022-07-01T22:01:25.037+00:00

    @EnterpriseArchitect Filtering is not the word I would choose. Filtering is true for EOL protections. Find and match a known object. Defender for Office is adding intelligence to what the behavior of the object is. For example a user receives an attachment containing a docx file. EOL says yes not an extension that I filter out. The user opens the attachment and runs the macro Boom compromised. Same for a URL link, looks benign but EOL doesn't see what sits on the other end of that URL. Defender for Office looks at the behavior of attachments or URL links in email, teams and sharepoint by denotating in an off device sandbox at time of click . The other important thing is mail box intelligence so those spoofing attempts and email compromise are all but eliminated. If you do the configuration and get the controls setup correctly. It's all about analyzing the data contained within the signal. Here is a couple of screens I used recently for demonstrating DFO
    217036-image.png
    216999-image.png

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. KyleXu-MSFT 26,291 Reputation points
    2022-07-01T02:39:35.417+00:00

    @EnterpriseArchitect
    Here are the difference between them:
    216713-1.png

    You could have a look about this blog: Office 365 ATP is now Microsoft Defender for Office 365. Microsoft Defender is called ATP before.

    Here's a previous screenshot(No more now due to change of name) showing the difference between ATP and EOP:
    216781-2.png

    I think the mainly difference is EOP works for Exchange online, the Microsoft Defender for Office 365 works for all Microsoft 365 services.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


    1 person found this answer helpful.

  2. Paul A Caldwell 86 Reputation points Microsoft Vendor
    2022-07-01T05:03:44.203+00:00

    A summary is that DFO gives you Safe Links and safe attachments with a choice of delivery options. DFO P2 also gives you the ability to launch simulated phishing attacks against tenant mailboxes. Licensing stipulates that as these DFO licenses makes changes at the tenant level all mailboxes including shared must be licensed.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.