@EnterpriseArchitect Filtering is not the word I would choose. Filtering is true for EOL protections. Find and match a known object. Defender for Office is adding intelligence to what the behavior of the object is. For example a user receives an attachment containing a docx file. EOL says yes not an extension that I filter out. The user opens the attachment and runs the macro Boom compromised. Same for a URL link, looks benign but EOL doesn't see what sits on the other end of that URL. Defender for Office looks at the behavior of attachments or URL links in email, teams and sharepoint by denotating in an off device sandbox at time of click . The other important thing is mail box intelligence so those spoofing attempts and email compromise are all but eliminated. If you do the configuration and get the controls setup correctly. It's all about analyzing the data contained within the signal. Here is a couple of screens I used recently for demonstrating DFO
Exchange Online Protection & Microsoft Defender for Office 365
Hi All,
May I know, what is the difference between Exchange Online Protection & Microsoft Defender for Office 365?
As per my understanding, all of my mailboxes are protected with Exchange Online Protection, so I wonder what's the purpose of adding Defender for Office 365 Plan 1 or 2 to all of my users in addition to the existing EOP?
I cannot see the feature comparison for both product, just this article that mentions it together: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide
-
Paul A Caldwell 86 Reputation points Microsoft Vendor
2022-07-01T22:01:25.037+00:00
2 additional answers
Sort by: Most helpful
-
KyleXu-MSFT 26,291 Reputation points
2022-07-01T02:39:35.417+00:00 @EnterpriseArchitect
Here are the difference between them:
You could have a look about this blog: Office 365 ATP is now Microsoft Defender for Office 365. Microsoft Defender is called ATP before.
Here's a previous screenshot(No more now due to change of name) showing the difference between ATP and EOP:
I think the mainly difference is EOP works for Exchange online, the Microsoft Defender for Office 365 works for all Microsoft 365 services.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
-
Paul A Caldwell 86 Reputation points Microsoft Vendor
2022-07-01T05:03:44.203+00:00 A summary is that DFO gives you Safe Links and safe attachments with a choice of delivery options. DFO P2 also gives you the ability to launch simulated phishing attacks against tenant mailboxes. Licensing stipulates that as these DFO licenses makes changes at the tenant level all mailboxes including shared must be licensed.