Microsoft Defender for Office 365 service description
Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect your organization against advanced threats to email and collaboration tools, like phishing, business email compromise, and malware attacks. Defender for Office 365 also provides investigation, hunting, and remediation capabilities to help security teams efficiently identify, prioritize, investigate, and respond to threats.
The following are the primary ways you can use Defender for Office 365 for message protection:
In a Defender for Office 365 filtering-only scenario, Defender for Office 365 provides cloud-based email protection for your on-premises Exchange Server environment or any other on-premises SMTP email solution.
Defender for Office 365 can be enabled to protect Exchange Online cloud-hosted mailboxes. To learn more about Exchange Online, see the Exchange Online service description.
In a hybrid deployment, Defender for Office 365 can be configured to protect your messaging environment and control mail routing when you have a mix of on-premises and cloud mailboxes with Exchange Online Protection for inbound email filtering.
Available plans
For the purposes of this article, a tenant-level service is an online service that is activated in part or in full for all users in the tenant (standalone license and/or as part of a Microsoft 365 or Office 365 plan). Though some tenant services are currently not capable of limiting benefits to specific users, appropriate subscription licenses are required for use of each online service. To review the terms and conditions governing the use of Microsoft products and Professional Services acquired through Microsoft Licensing programs, see the Product Terms.
To view how users benefit from Microsoft 365 features, download the Microsoft 365 Comparison table for Enterprise and Frontline Workers Plans or the Microsoft 365 Comparison table for Small and Medium Business Plans.
For detailed plan information on subscriptions that enable users for Microsoft 365 features and are currently available in European Economic Area (EEA) countries and Switzerland, see the Microsoft 365 business plan comparison for EEA and Microsoft 365 Enterprise plan comparison for EEA.
Feature availability
The following table lists the major Microsoft Defender for Office 365 features available across plans. Certain caveats apply. See the footnotes for further information. This table may change without notice. For the most up-to-date, complete list of Microsoft Defender for Office 365 features across plans, see Microsoft Defender for Office 365 Features service description.
| Feature | Defender for Office 365 Plan 1 | Defender for Office 365 Plan 2 | Microsoft 365 A5/E5/F5/G5 Security |
|---|---|---|---|
| Configuration, protection, and detection | |||
| Preset security policies and Configuration Analyzer | Yes | Yes | Yes |
| Safe Attachments | Yes | Yes | Yes |
| Safe Attachments in Teams | Yes | Yes | Yes |
| Safe Links | Yes | Yes | Yes |
| Safe Documents | No | No | Yes |
| Safe Links in Teams | Yes | Yes | Yes |
| Report Message Add-In | Yes | Yes | Yes |
| Protection for SharePoint, OneDrive, and Microsoft Teams | Yes | Yes | Yes |
| Anti-phishing policies | Yes | Yes | Yes |
| Real-time reports | Yes | Yes | Yes |
| Advanced protection for internal mail | Yes | Yes | Yes |
| Automation, investigation, remediation, and education | |||
| Threat Trackers | No | Yes | Yes |
| Campaign Views | No | Yes | Yes |
| Threat investigation (advanced threat investigation) | Real-time detections | Explorer | Explorer |
| Automated investigation & response | No | Yes | Yes |
| Attack simulation training | No | Yes | Yes |
| Integration with Microsoft Defender XDR | No | Yes | Yes |
Note
Microsoft Defender for Office 365 is a component of Microsoft Defender XDR. For more information on automated cross-domain security with Microsoft Defender XDR, see Microsoft Defender XDR requirements.
Learn more
For more information about Microsoft Defender for Office 365, check out the following resources:
- Microsoft Defender for Office 365 documentation
- Microsoft Defender for Office 365 product information
- Microsoft Defender for Office 365 blog
- Microsoft Defender for Office 365 forum
Licensing terms
For licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the Product Terms site.
For Microsoft Defender for Office 365 Plan 1 tenants, licenses must be acquired for users or mailboxes falling under one or more of the following scenarios:
- Any user that accesses a mailbox that benefits from Defender for Office 365 protections.
- Shared mailboxes that benefit from Defender for Office 365 protections.
- If Safe Attachments protection for SharePoint, OneDrive for Business, or Teams is turned on, all users that access SharePoint, OneDrive for Business, or Teams.
- Any user that uses Microsoft 365 Apps or Teams when Safe Links protections are enabled.
For Microsoft Defender for Office 365 Plan 2 tenants, licenses must be acquired for users or mailboxes falling under one or more of the following scenarios:
- All Exchange Online users on the tenant. This is because Plan 2 features and capabilities protect all users in the tenant.
- All shared mailboxes on the tenant.
- If Safe Attachments protection for SharePoint, OneDrive for Business, or Teams is turned on, all users that access SharePoint, OneDrive for Business, or Teams.
- Any user that uses Microsoft 365 Apps or Teams when Safe Links protections are enabled.
Note
Office 365 E5, Microsoft 365 E5 Security, and Microsoft 365 E5 include Microsoft Defender for Office P2 licenses, and Microsoft 365 Business Premium includes Microsoft Defender for Office 365 P1 licenses.
Messaging
To stay informed of upcoming changes, including new and changed features, planned maintenance, or other important announcements, visit the Message Center. For more information, see Message center.
Accessibility
Microsoft remains committed to the security of your data and the accessibility of our services. For more information, see the Microsoft Trust Center and the Office Accessibility Center.