Microsoft Defender for Office 365
icrosoft Defender for Office 365 (MSDO) safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools, including Microsoft Teams, SharePoint Online, OneDrive for Business, and other Office clients. MSDO includes:
- Threat protection policies: Define threat-protection policies to set the appropriate level of protection for your organization.
- Reports: View real-time reports to monitor MSDO performance in your organization.
- Threat investigation and response capabilities: Use leading-edge tools to investigate, understand, simulate, and prevent threats.
- Automated investigation and response capabilities: Save time and effort investigating and mitigating threats.
Microsoft Defender for Office 365 comes in two flavors, as shown in the table below.
- Microsoft Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium.
- Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5.
- Microsoft Defender for Office 365 Plan 1 and Microsoft Defender for Office 365 Plan 2 are available as an add-on for certain subscriptions.
|Microsoft Defender for Office 365 Plan 1||Microsoft Defender for Office 365 Plan 2|
|Configuration, protection, and detection capabilities:||Microsoft Defender for Office 365 Plan 1 capabilities plus automation, investigation, remediation, and education capabilities:|
|Safe Attachments – checks email attachments for malicious content.||Threat Trackers – provide the latest intelligence on prevailing cybersecurity issues.|
|Safe Links – Links are scanned for each click: safe links remain accessible and malicious links are dynamically blocked.||Threat Explorer – a real-time report that allows you to identify and analyze recent threats.|
|ATP for SharePoint, OneDrive, and Microsoft Teams – Protects your organization when users collaborate and share files, by identifying and blocking malicious files in team sites and document libraries.||Automated investigation and response – include a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually.|
|ATP anti-phishing protection – Detects attempts to impersonate your users and internal or custom domains.||Attack Simulator – allows you to run realistic attack scenarios in your organization to identify vulnerabilities.|
|Real-time detections – a real-time report that allows you to identify and analyze recent threats.|
To learn more, see Microsoft Defender for Office 365.