Overview of Microsoft Defender for Office 365
In this tutorial, we will get an overview of Microsoft Defender for Office 365.
Microsoft Defender for Office 365, formerly Office 365 Advanced Threat Protection, safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools, including Microsoft Teams, SharePoint Online, OneDrive for Business, and other Office clients.
Further, Microsoft Defender for Office 365 covers these key areas:
- Threat protection policies. Define threat protection policies to set the appropriate level of protection for your organization.
- Reports. View real-time reports to monitor Microsoft Defender for Office 365 performance in your organization.
- Threat investigation and response capabilities. Use leading-edge tools to investigate, understand, simulate, and prevent threats.
- Automated investigation and response capabilities. Save time and effort investigating and mitigating threats.
Microsoft Defender for Office 365: Plans
Two plans are available:
1. Microsoft Defender for Office 365 Plan 1
This plan offers configuration, protection, and detection tools for your Office 365 suite:
- Safe Attachments. Checks email attachments for malicious content.
- Safe Links. Links are scanned on each click. Safe links remain accessible, while malicious links are blocked.
- Protection for SharePoint, OneDrive, and Microsoft Teams. Protects your organization when users collaborate and share files by identifying and blocking malicious files.
- Anti-phishing protection. Detects attempts to impersonate your users and internal or custom domains.
- Real-time detections. A real-time report that allows you to identify and analyze recent threats.
2. Microsoft Defender for Office 365 Plan 2
This plan includes all the core features of Plan 1, and provides automation, investigation, remediation, and simulation tools to help protect your Office 365 suite:
- Threat Trackers. Provide the latest intelligence on prevailing cybersecurity issues, and allow an organization to take countermeasures before there's an actual threat.
- Threat Explorer. A real-time report that allows you to identify and analyze recent threats.
- Automated investigation and response (AIR). Includes a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually. A security playbook can start an automated investigation, provide detailed results, and recommend actions that the security team can approve or reject.
- Attack Simulator. Allows you to run realistic attack scenarios in your organization to identify vulnerabilities.
Reference: Microsoft Documentation