What is Microsoft Defender?
Every Office 365 subscription comes with security capabilities. The goals and actions that you can take depend on the focus of these different subscriptions. In Office 365 security, there are three main security services (or products) tied to your subscription type:
- Exchange Online Protection (EOP)
- Microsoft Defender for Office 365 Plan 1 (Defender for Office P1)
- Microsoft Defender for Office 365 Plan 2 (Defender for Office P2)
Office 365 security builds on the core protections offered by EOP. EOP is present in any subscription where Exchange Online mailboxes can be found (remember, all the security products discussed here are cloud-based).
You may be accustomed to seeing these three components discussed in this way:
|Exchange Online Protection|Microsoft Defender for Office 365 P1|Microsoft Defender for Office 365 P2|
|---|---|---|
|Prevents broad, volume-based, known attacks|Protects email and collaboration from zero-day malware, phish, and business email compromise|Adds post-breach investigation, hunting, and response, as well as automation, and simulation (for training)|
The core of Office 365 security is EOP protection. Microsoft Defender for Office 365 P1 contains EOP in it. Defender for Office 365 P2 contains P1 and EOP. The structure is cumulative. That’s why, when configuring this product, you should start with EOP and work to Defender for Office 365.
Though email authentication configuration takes place in public DNS, it’s important to configure this feature to help defend against spoofing. If you have EOP, you should configure email authentication.
If you have an Office 365 E3, or below, you have EOP, but with the option to buy standalone Defender for Office 365 P1 through upgrade. If you have Office 365 E5, you already have Defender for Office 365 P2.
If your subscription is neither Office 365 E3 nor E5, you can still check to see if you have the option to upgrade to Microsoft Defender for Office 365 P1, if you’re interested.
The Office 365 security ladder from EOP to Microsoft Defender for Office 365
EOP and Microsoft Defender for Office 365 and their security emphasis, going from Protect and Detect to Investigate and Respond. Email Authentication configuration (at least DKIM and DMARC) should be set up for EOP and up.
What makes adding Microsoft Defender for Office 365 plans an advantage to pure EOP threat management can be difficult to tell at first glance. To help sort out if an upgrade path is right for your organization, let’s look at the capabilities of each product when it comes to:
- preventing and detecting threats
Exchange Online Protection Features
Defender for Office 365 Plan 1 Features
Because these products are cumulative, if you evaluate Microsoft Defender for Office 365 P1 and decide to subscribe to it, you’ll add these abilities.
|Technologies include everything in EOP plus:|Technologies include everything in EOP plus:|Same as EOP|
Microsoft Defender for Office 365 P1 expands on the prevention side of the house, and adds extra forms of detection.
Microsoft Defender for Office 365 P1 also adds **Real-time detections** for investigations. This threat hunting tool’s name is in bold because having it is a clear means of knowing you have Defender for Office 365 P1. It doesn’t appear in Defender for Office 365 P2.
Defender for Office 365 Plan 2 Features
|Same as Microsoft Defender for Office 365 P1|Technologies include everything in EOP, and Microsoft Defender for Office 365 P1 plus:|Technologies include everything in EOP, and Microsoft Defender for Office 365 P1 plus:|
Microsoft Defender for Office 365 P2 expands on the investigation and response side of the house, and adds a new hunting strength: automation.
In Microsoft Defender for Office 365 P2, the primary hunting tool is called Threat Explorer rather than Real-time detections. If you see Threat Explorer when you navigate to the Security center, you’re in Microsoft Defender for Office 365 P2.
EOP and Microsoft Defender for Office 365 are also different when it comes to end-users. In EOP and Defender for Office 365 P1, the focus is awareness, and so those two services include the Report message Outlook add-in so users can report emails they find suspicious, for further analysis.
In Defender for Office 365 P2 (which contains everything in EOP and P1), the focus shifts to further training for end-users, and so the Security Operations Center has access to a powerful Threat Simulator tool, and the end-user metrics it provides.
Microsoft Defender for Office 365 Plan 1 vs. Plan 2
This quick reference will help you understand what capabilities come with each Microsoft Defender for Office 365 subscription. When combined with your knowledge of EOP features, it can help business decision makers determine which Microsoft Defender for Office 365 plan is best for their needs.
|Defender for Office 365 Plan 1|Defender for Office 365 Plan 2|
|---|---|
|Configuration, protection, and detection capabilities:|Defender for Office 365 Plan 1 capabilities, plus automation, investigation, remediation, and education capabilities:|
How to purchase Microsoft Defender for Office 365
As an authorized Microsoft reseller, Ataira is able to offer Microsoft Defender for Office 365 to its customers. To purchase, simply follow the normal checkout procedures and click the link to authorize Ataira as a Microsoft reseller for your organization. An important caveat to the provisioning process is that you must purchase or have purchased one of the base subscriptions below from Ataira.
Microsoft Defender for Office 365 base subscriptions:
- Exchange Online Plan 1
- Exchange Online Plan 2
- Exchange Online Kiosk
- Exchange Online Protection
- Microsoft 365 Business Basic
- Microsoft 365 Business Standard
- Office 365 Enterprise E1
- Office 365 Enterprise E3
- Office 365 Enterprise F3
- Office 365 A1
- Office 365 A3
To see a list of all Microsoft Defender for Office 365 available follow the link below: