Describe Microsoft Defender for Office 365
Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools, including Microsoft Teams, SharePoint Online, OneDrive for Business, and other Office clients.
Microsoft Defender for Office 365 covers these key areas:
- Threat protection policies: Define threat protection policies to set the appropriate level of protection for your organization.
- Reports: View real-time reports to monitor Microsoft Defender for Office 365 performance in your organization.
- Threat investigation and response capabilities: Use leading-edge tools to investigate, understand, simulate, and prevent threats.
- Automated investigation and response capabilities: Save time and effort investigating and mitigating threats.
Microsoft Defender for Office 365 is available in two plans. The plan you choose influences the tools you’ll see and use. It's important to make sure you select the best plan to meet your organization's needs.
Microsoft Defender for Office 365 Plan 1
This plan offers configuration, protection, and detection tools for your Office 365 suite:
- Safe Attachments: Checks email attachments for malicious content.
- Safe Links: Links are scanned for each click. A safe link remains accessible, but malicious links are blocked.
- Safe Attachments for SharePoint, OneDrive, and Microsoft Teams: Protects your organization when users collaborate and share files by identifying and blocking malicious files in team sites and document libraries.
- Anti-phishing protection: Detects attempts to impersonate your users and internal or custom domains.
- Real-time detections: A real-time report that allows you to identify and analyze recent threats.
Microsoft Defender for Office 365 Plan 2
This plan includes all the core features of Plan 1, and provides automation, investigation, remediation, and simulation tools to help protect your Office 365 suite:
- Threat Trackers: Provide the latest intelligence on prevailing cybersecurity issues, and allow an organization to take countermeasures before there's an actual threat.
- Threat Explorer: A real-time report that allows you to identify and analyze recent threats.
- Automated investigation and response (AIR): Includes a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually. A security playbook can start an automated investigation, provide detailed results, and recommend actions that the security team can approve or reject.
- Attack Simulator: Allows you to run realistic attack scenarios in your organization to identify vulnerabilities. These simulations test your security policies and practices, as well as train your employees to increase their awareness and decrease their susceptibility to attacks.
- Proactively hunt for threats with advanced hunting in Microsoft 365 Defender: Advanced hunting is a query-based threat hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities.
- Investigate alerts and incidents in Microsoft 365 Defender: Microsoft Defender for Office 365 P2 customers have access to Microsoft 365 Defender integration to efficiently detect, review, and respond to incidents and alerts.
Microsoft Defender for Office 365 availability
Microsoft Defender for Office 365 is included in certain subscriptions, such as Microsoft 365 E5, Office 365 E5, Office 365 A5, and Microsoft 365 Business Premium.
If your subscription doesn’t include Defender for Office 365, you can purchase it as an add-on.
Use Microsoft Defender for Office 365 to protect your organization's collaboration tools and messages.
Need help? See our troubleshooting guide or provide specific feedback by reporting an issue.