What is Microsoft Defender?

Ataira Business Intelligence Ataira - May 13, 2021

Every Office 365 subscription comes with security capabilities. The goals and actions that you can take depend on the focus of these different subscriptions. In Office 365 security, there are three main security services (or products) tied to your subscription type:

  • Exchange Online Protection (EOP)
  • Microsoft Defender for Office 365 Plan 1 (Defender for Office P1)
  • Microsoft Defender for Office 365 Plan 2 (Defender for Office P2)

Office 365 security builds on the core protections offered by EOP. EOP is present in any subscription that includes Exchange Online mailboxes (remember, all the security products discussed here are cloud-based).

You may be accustomed to seeing these three components discussed in this way:

  • Exchange Online Protection: Prevents broad, volume-based, known attacks
  • Microsoft Defender for Office 365 P1: Protects email and collaboration from zero-day malware, phish, and business email compromise
  • Microsoft Defender for Office 365 P2: Adds post-breach investigation, hunting, and response, as well as automation, and simulation (for training)

The core of Office 365 security is EOP protection. Microsoft Defender for Office 365 P1 contains EOP. Defender for Office 365 P2 contains P1 and EOP. The structure is cumulative. That’s why, when configuring this product, you should start with EOP and work up to Defender for Office 365.

Though email authentication configuration takes place in public DNS, it’s important to configure this feature to help defend against spoofing. If you have EOP, you should configure email authentication.
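
An added example (not from the original article or from Microsoft): a Python check that audits the SPF, DKIM and DMARC TXT records published for a domain, which is the public-DNS configuration the paragraph above refers to. The domain, the selector name and the record values are constructed placeholders; a real check would first fetch the records with a DNS resolver.

```python
# Added example: audit email-authentication TXT records for one domain.
# The records below are constructed samples; example.com and the selector
# name are placeholders, not values from the page.

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM, DMARC) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_email_auth(domain, txt, dkim_selectors):
    """txt maps a DNS name to the TXT strings a resolver returned for it."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        # RFC 7208: zero records means no SPF, several mean a permerror.
        findings.append(f"SPF: expected 1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        quals = [t[0] if t[0] in "+-~?" else "+" for t in terms
                 if t.lstrip("+-~?") == "all"]
        if not quals and not any(t.startswith("redirect=") for t in terms):
            findings.append("SPF: no 'all' mechanism or redirect")
        elif quals and quals[0] in "+?":
            findings.append(f"SPF: '{quals[0]}all' does not restrict senders")
    for sel in dkim_selectors:
        recs = txt.get(f"{sel}._domainkey.{domain}", [])
        keys = [parse_tags(r).get("p", "") for r in recs]
        if not any(keys):
            # Missing record, or an empty p= tag, which marks a revoked key.
            findings.append(f"DKIM: no usable public key for selector {sel}")
    dmarc = [parse_tags(r) for r in txt.get(f"_dmarc.{domain}", [])
             if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected 1 record, found {len(dmarc)}")
    elif dmarc[0].get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: policy is not enforcing (p=quarantine/reject)")
    return findings

SAMPLE_TXT = {  # constructed sample records
    "example.com": ["v=spf1 include:spf.protection.outlook.com ~all"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p="],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
}

print("\n".join(audit_email_auth("example.com", SAMPLE_TXT, ["selector1"])))
```

On the constructed sample the check reports the revoked DKIM key and the monitoring-only DMARC policy, while the SPF record passes.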

If you have Office 365 E3 or below, you have EOP, with the option to buy standalone Defender for Office 365 P1 as an upgrade. If you have Office 365 E5, you already have Defender for Office 365 P2.

If your subscription is neither Office 365 E3 nor E5, you can still check whether you have the option to upgrade to Microsoft Defender for Office 365 P1, if you’re interested.

[Figure: The Office 365 security ladder from EOP to Microsoft Defender for Office 365. EOP and Microsoft Defender for Office 365 and their security emphasis, going from Protect and Detect to Investigate and Respond. Email Authentication configuration (at least DKIM and DMARC) should be set up for EOP and up.]

At first glance, it can be difficult to tell what advantage adding a Microsoft Defender for Office 365 plan brings over pure EOP threat management. To help sort out if an upgrade path is right for your organization, let’s look at the capabilities of each product when it comes to:

  • preventing and detecting threats
  • investigating
  • responding

Exchange Online Protection Features

Prevent/Detect:

  • Spam
  • Phish
  • Malware
  • Bulk mail
  • Spoof intelligence
  • Impersonation detection
  • Admin Quarantine
  • Admin and user submissions of False Positives and False Negatives
  • Allow/Block for URLs and Files
  • Reports

Investigate:

  • Audit log search
  • Message Trace

Respond:

  • Zero-hour Auto-Purge (ZAP)
  • Refinement and testing of Allow and Block lists

Defender for Office 365 Plan 1 Features

Because these products are cumulative, if you evaluate Microsoft Defender for Office 365 P1 and decide to subscribe to it, you’ll add these abilities.

Prevent/Detect: Technologies include everything in EOP plus:

  • Safe attachments
  • Safe links
  • Microsoft Defender for Office 365 protection for workloads (ex. SharePoint Online, Teams, OneDrive for Business)
  • Time-of-click protection in email, Office clients, and Teams
  • Anti-phishing in Defender for Office 365
  • User and domain impersonation protection
  • Alerts, and SIEM integration API for alerts

Investigate: Technologies include everything in EOP plus:

  • SIEM integration API for detections
  • Real-time detections tool
  • URL trace

Respond: Same as EOP

Microsoft Defender for Office 365 P1 expands on the prevention side of the house, and adds extra forms of detection.

Microsoft Defender for Office 365 P1 also adds Real-time detections for investigations. This threat hunting tool’s name is in bold because having it is a clear means of knowing you have Defender for Office 365 P1. It doesn’t appear in Defender for Office 365 P2.

Defender for Office 365 Plan 2 Features

Prevent/Detect: Same as Microsoft Defender for Office 365 P1

Investigate: Technologies include everything in EOP and Microsoft Defender for Office 365 P1 plus:

  • Threat Explorer
  • Threat Trackers
  • Campaign views

Respond: Technologies include everything in EOP and Microsoft Defender for Office 365 P1 plus:

  • Automated Investigation and Response (AIR)
  • AIR from Threat Explorer
  • AIR for compromised users
  • SIEM Integration API for Automated Investigations

Microsoft Defender for Office 365 P2 expands on the investigation and response side of the house, and adds a new hunting strength: automation.

In Microsoft Defender for Office 365 P2, the primary hunting tool is called Threat Explorer rather than Real-time detections. If you see Threat Explorer when you navigate to the Security center, you’re in Microsoft Defender for Office 365 P2.

EOP and Microsoft Defender for Office 365 also differ when it comes to end users. In EOP and Defender for Office 365 P1, the focus is awareness, so those two services include the Report message Outlook add-in, which lets users report emails they find suspicious for further analysis.

In Defender for Office 365 P2 (which contains everything in EOP and P1), the focus shifts to further training for end users, so the Security Operations Center has access to a powerful Threat Simulator tool and the end-user metrics it provides.

Microsoft Defender for Office 365 Plan 1 vs. Plan 2

This quick reference will help you understand what capabilities come with each Microsoft Defender for Office 365 subscription. When combined with your knowledge of EOP features, it can help business decision makers determine which Microsoft Defender for Office 365 plan is best for their needs.

Microsoft Defender for Office 365 Plan 1 vs. Plan 2 cheat sheet

Defender for Office 365 Plan 1

Configuration, protection, and detection capabilities:

  • Safe Attachments
  • Safe Links
  • Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
  • Anti-phishing protection in Defender for Office 365
  • Real-time detections

Defender for Office 365 Plan 2

Defender for Office 365 Plan 1 capabilities, plus automation, investigation, remediation, and education capabilities:

  • Threat Trackers
  • Threat Explorer
  • Automated investigation and response
  • Attack Simulator

How do I purchase Microsoft Defender for Office 365?

As an authorized Microsoft reseller, Ataira is able to offer Microsoft Defender for Office 365 to its customers. To purchase, simply follow the normal checkout procedures and click the link to authorize Ataira as a Microsoft reseller for your organization. An important caveat to the provisioning process is that you must purchase or have purchased one of the base subscriptions below from Ataira.

Microsoft Defender for Office 365 base subscriptions:

  • Exchange Online Plan 1
  • Exchange Online Plan 2
  • Exchange Online Kiosk
  • Exchange Online Protection
  • Microsoft 365 Business Basic
  • Microsoft 365 Business Standard
  • Office 365 Enterprise E1
  • Office 365 Enterprise E3
  • Office 365 Enterprise F3
  • Office 365 A1
  • Office 365 A3

To see a list of all available Microsoft Defender for Office 365 subscriptions, follow the links below:

Buy Microsoft Defender Plan 1 Monthly Subscriptions – Ataira
Buy Microsoft Defender Plan 2 Monthly Subscriptions – Ataira