WSI


Why do I need Microsoft Defender for Office 365?

Let's focus on the features of Microsoft Defender for Office 365

Microsoft Defender for Office 365 safeguards organizations against malicious threats by providing admins and sec ops teams a wide range of capabilities. These features start benefitting users, admins, and sec ops at the time of installation. For example:

Interactive guide to Microsoft Defender for Office 365

If you need more information, this interactive guide will show you why Microsoft Defender for Office 365 is worth it, and give examples on how to safeguard your organization.

You’ll also see how Defender for Office 365 can help you define protection policies, analyze threats to your organization, and respond to attacks.

Check out the interactive guide

What is the difference between Plan 1 and Plan 2 Defender for Office 365?

For more on what’s included in Microsoft 365 Plans 1 & 2, browse over to this document. That article quickly spells out what makes up the two products, and the emphasis of each part of Microsoft Defender for Office 365, using a familiar structure: Protect, Detect, Investigate, and Respond.

Graphics and short, scannable paragraphs answer questions like:

  • What is Plan 1 optimized to do for you?
  • What’s the biggest benefit to your company in Plan 2?
  • Who has Exchange Online Protection and what’s it optimized to do?

So, don’t miss it!

How do you get started?

There are two methods to set up Microsoft Defender for Office 365 for your subscription.

Preset security policy configuration is recommended

It is recommended that — as much as your organization can, given its specific needs — you configure via preset security policies. You can learn more about presets here: Preset setup information and steps; or if you just want steps, here are just the steps for preset policy setup.

Manual configuration for Microsoft Defender for Office 365

Though it’s no longer the recommended practice, here are the initial logical configuration chunks for manual setup:

  • Configure everything with ‘anti’ in the name.
    • anti-malware
    • anti-phishing
    • anti-spam
  • Set up everything with ‘safe’ in the name.
    • Safe Links
    • Safe Attachments
  • Defend the workloads (ex. SharePoint Online, OneDrive, and Teams)
  • Protect with zero-hour auto purge (ZAP).

To learn by doing things manually, click this link.
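
A read-only audit of the manual checklist above, written for Exchange Online PowerShell as an added example (it is not from the original page or from Microsoft). It assumes the ExchangeOnlineManagement module is installed and the signed-in account can read threat policies; the "expected" values are this example's own baseline, not values stated on the page.

```powershell
# Added example: report the state of each item in the manual checklist.
# Nothing is changed in the tenant; only Get-* cmdlets are used.
Connect-ExchangeOnline -ShowBanner:$false

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding {
    param($Area, $Policy, $Setting, $Value, $Expected)
    # Compare as strings so that $false is never coerced into a match.
    $findings.Add([pscustomobject]@{
        Area = $Area; Policy = $Policy; Setting = $Setting
        Value = "$Value"; OK = (@($Expected) -contains "$Value")
    })
}

# Everything with 'anti' in the name, plus the ZAP switches stored on those policies.
foreach ($p in Get-MalwareFilterPolicy) {
    Add-Finding 'anti-malware' $p.Name 'EnableFileFilter' $p.EnableFileFilter 'True'
    Add-Finding 'ZAP' $p.Name 'ZapEnabled' $p.ZapEnabled 'True'
}
foreach ($p in Get-AntiPhishPolicy) {
    Add-Finding 'anti-phishing' $p.Name 'Enabled' $p.Enabled 'True'
    Add-Finding 'anti-phishing' $p.Name 'EnableSpoofIntelligence' $p.EnableSpoofIntelligence 'True'
}
foreach ($p in Get-HostedContentFilterPolicy) {
    Add-Finding 'anti-spam' $p.Name 'HighConfidencePhishAction' $p.HighConfidencePhishAction 'Quarantine'
    Add-Finding 'ZAP' $p.Name 'SpamZapEnabled' $p.SpamZapEnabled 'True'
    Add-Finding 'ZAP' $p.Name 'PhishZapEnabled' $p.PhishZapEnabled 'True'
}

# Everything with 'safe' in the name. A custom policy protects nobody until an
# enabled rule points at it; the built-in protection policy has no such rule
# and will show HasEnabledRule = False here.
$saRules = Get-SafeAttachmentRule | Where-Object State -eq 'Enabled'
foreach ($p in Get-SafeAttachmentPolicy) {
    Add-Finding 'Safe Attachments' $p.Name 'Enable' $p.Enable 'True'
    Add-Finding 'Safe Attachments' $p.Name 'Action' $p.Action 'Block','DynamicDelivery'
    Add-Finding 'Safe Attachments' $p.Name 'HasEnabledRule' ($saRules.SafeAttachmentPolicy -contains $p.Name) 'True'
}
$slRules = Get-SafeLinksRule | Where-Object State -eq 'Enabled'
foreach ($p in Get-SafeLinksPolicy) {
    Add-Finding 'Safe Links' $p.Name 'EnableSafeLinksForEmail' $p.EnableSafeLinksForEmail 'True'
    Add-Finding 'Safe Links' $p.Name 'AllowClickThrough' $p.AllowClickThrough 'False'
    Add-Finding 'Safe Links' $p.Name 'HasEnabledRule' ($slRules.SafeLinksPolicy -contains $p.Name) 'True'
}

# Workloads: Safe Attachments for SharePoint Online, OneDrive, and Teams.
$atp = Get-AtpPolicyForO365
Add-Finding 'Workloads' $atp.Name 'EnableATPForSPOTeamsODB' $atp.EnableATPForSPOTeamsODB 'True'

$findings | Sort-Object OK, Area | Format-Table -AutoSize   # failing rows sort first
Disconnect-ExchangeOnline -Confirm:$false
```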

Manual steps to Configure Microsoft Defender for Office 365 policies

It’s recommended that you configure with preset security policies (if I haven’t said this enough), but some organizations must configure manually.

With Microsoft Defender for Office 365, your organization’s security team can configure protection by defining policies in the Microsoft 365 Defender portal at https://security.microsoft.com > Email & collaboration > Policies & rules > Threat policies. Or, you can go directly to the Threat policies page by using https://security.microsoft.com/threatpolicy.

Defender for Office 365 Policies

The policies that are defined for your organization determine the behavior and protection level for predefined threats.

Policy options are extremely flexible. For example, your organization’s security team can set fine-grained threat protection at the user, organization, recipient, and domain level. It is important to review your policies regularly, because new threats and challenges emerge daily.

Safe Attachments

  • Safe Attachments: Provides zero-day protection to safeguard your messaging system, by checking email attachments for malicious content. It routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent. If no suspicious activity is found, the message is forwarded to the mailbox. To learn more, see Set up Safe Attachments policies.

Safe Links

  • Safe Links: Provides time-of-click verification of URLs, for example, in email messages and Office files. Protection is ongoing and applies across your messaging and Office environment. Links are scanned for each click: safe links remain accessible and malicious links are dynamically blocked. To learn more, see Set up Safe Links policies.

Safe Attachments for SharePoint, OneDrive, and Microsoft Teams

Anti-phishing protection in Defender for Office 365

How to view Microsoft Defender for Office 365 reports

Best of class threat investigation and response capabilities

  • Microsoft Defender for Office 365 Plan 2 includes best-of-class threat investigation and response tools that enable your organization’s security team to anticipate, understand, and prevent malicious attacks.

Threat Trackers on the latest threats

Threat Explorer or Real-Time Detections

Attack simulation training for user readiness

  • Attack simulation training allows you to run realistic attack scenarios in your organization to identify vulnerabilities. Simulations of current types of attacks are available, including spear phishing credential harvest and attachment attacks, and password spray and brute force password attacks.

Save time with automated investigation and response

When sec ops is investigating a potential cyberattack, time is of the essence. The sooner you can identify and mitigate threats, the better off your organization will be.

Automated investigation and response (AIR) capabilities include a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually, such as from a view in Explorer.

AIR can save your security operations team time and effort in mitigating threats effectively and efficiently. To learn more, see AIR in Office 365.

These are the permissions needed to use Defender for Office 365 features

To access Microsoft Defender for Office 365 features, you must be assigned an appropriate role. The following table includes some examples:

Role or role group | Resources to learn more
global administrator (or Organization Management) | You can assign this role in Azure Active Directory or in the Microsoft 365 Defender portal. For more information, see Permissions in the Microsoft 365 Defender portal.
Organization Management in Exchange Online | You can assign this role in Azure Active Directory or in the Microsoft 365 Defender portal. For more information, see Permissions in the Microsoft 365 Defender portal.
Security Administrator | Permissions in Exchange Online; Exchange Online PowerShell
Search and Purge | This role is available only in the Microsoft 365 Defender portal or the Microsoft Purview compliance portal. For more information, see Permissions in the Microsoft 365 Defender portal and Permissions in the Microsoft Purview compliance portal.

What new features are coming for Microsoft Defender for Office 365?

New features are added to Microsoft Defender for Office 365 continually. To learn more, see the following resources:
