Kharmela Mindanao

By: Kharmela Mindanao on December 12th, 2023

Print/Save as PDF

What is Microsoft Defender for Office 365? (A Beginner’s Guide)

Microsoft 365

Editor's note: This post was originally published on December 14, 2021 and has been revised for clarity and comprehensiveness.

Choosing the best Microsoft products can feel like blindly grabbing socks from your closet and hoping they match. With all the options available, how do you decide which product is the best for your company?   

When it comes to security, you don’t want to have a product that underperforms your business or doesn’t help with the problem you have. 

Intelligent Technical Solutions (ITS) has been in the business for over 20 years, and we fully understand that choosing the best security program is vital for small companies. So, we’ve prepared an article about Microsoft Defender for Office 365. 

We’ll tackle the following points:    

  • The definition of Microsoft Defender for Office 365 
  • The features and plans of Microsoft Defender for Office 365 
  • A quick comparison of Microsoft Defender for Office 365 with other Microsoft Defender products 

By the end of this article, you’ll have an easier time choosing which Microsoft Defender product you can use for your business.  

What is Microsoft Defender for Office 365?   

Microsoft Defender for Office 365

Microsoft Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection) is a security service designed to protect you when you use Office 365.   

According to Microsoft, it’s a cloud-based email filtering service that protects your business from threats to email & collaboration tools.   

Essentially, Defender for Office 365 targets threats that can be coursed through your use of Office 365. It’s connected to a database from Microsoft that analyzes your correspondence and evaluates the likelihood of a link or file being a virus. 

Microsoft Defender for Office 365 Features  

This program primarily focuses on threat prevention, investigation, and response in the Office 365 workspace. Defender for Office 365 comes with different plan levels that are often bundled with the kind of Microsoft subscription you have.   

However, it’s possible to upgrade to a different Defender for Office 365 plan separately. This is great for businesses that have specialized needs.   

There are two possible plans for Defender for Office 365: Plan 1 and Plan 2.  

Defender for Office: Plan 1 

Plan 1 for Defender for Office is a step up from the standard EOP (Exchange Online Protection). EOP focuses on basic threat detection and prevention, while Plan 1 builds on EOP features by expanding on threat prevention and detection.  

The main features of Plan 1 are:   

Attachment icon1. Safe Attachments 

Defender can quickly scan the attachments in communication among your organization's users.   

Link icon2. Safe Links 

Defender can use Microsoft’s database to test links in a controlled environment and see any suspicious activities.   

File and Folder sharing icon3. Safe Attachments for SharePoint, OneDrive, and Microsoft Teams 

Plan 1 protects SharePoint, OneDrive, and Microsoft Teams attachments, unlike EOP, which has more limitations.   

Anti-phishing icon4. Anti-phishing in Defender for Office 365 protection 

There is an additional layer of protection against phishing. Defender points out or quarantines communication that suspiciously asks you to provide information.   

Real-time icon5. Real-time detection 

The ability to see threats in real-time allows for SIEM (Security Information and Events Management) Integration.   

Free Cybersecurity Scan

Defender for Office: Plan 2 

Plan 2 of Defender for Office 365 contains all the features of Plan 1 & EOP. It expands on the previous plans by focusing on security education, threat investigation, threat response, and automation of security protocols.   

The main additional features of Plan 2 are:   

Threat tracker icon1. Threat Trackers 

Threat tracking allows you to see the path of a threat across your organization. It can provide invaluable insight into possible security breaches in your system.   

threat explorer icon2. Threat Explorer 

Threat Explorer provides a deeper analysis of threats in real-time against people in your organization.   

Automated investigation and response icon3. Automated investigation and response 

Automated threat detection helps free up your IT personnel's time to deal with threats that need human judgment.    

Simulation icon4. Attack simulation training 

To highlight the thrust for a holistic security program, Defender for Office Plan 2 includes training. Attack simulation training helps staff have a proactive role in managing their security.   

Defender for Office 365 vs. Endpoint vs. Identity vs. Cloud Apps 

The problem with Defender for Office 365 is distinguishing it from the other Microsoft Defender products, which can seem confusing at first glance.   

Think of Defender products like a hierarchy.  

At the top is Microsoft Defender. This is the integrated dashboard that has the following services:   

  • Defender for Office 365 
  • Defender for Endpoint 
  • Defender for Identity  
  • Defender for Cloud Apps 

These products were formerly called other names but have been standardized in recent months by Microsoft.  


Microsoft 365 Defender architecture

Each Defender product has its own specialization: 

1. Defender for Office 

Defender for Office focuses on threats that come through your use of Office 365. This is best for companies that rely on Office 365.  

2. Defender for Identity 

Defender for Identity (formerly Defender for Azure) leverages user behavior and active directory analysis to see possible identity-based security threats.  

3. Defender for Endpoint 

Defender for Endpoint specializes in endpoint threats. It uses AI (Artificial Intelligence) to evaluate threats to your system. 

4. Defender for Cloud Apps 

Defender for Cloud Apps (formerly known as Cloud App Security) focuses on analyzing the security of the deployed cloud apps in your organization. 

Ready to implement Microsoft Defender for your business? 

Implement Windows Defender on Computer Network

All in all, Microsoft Defender is a powerful tool to protect your company’s data. Defender for Office 365 protects your users when they use Office 365 programs.   

It’s best to have this if your organization relies heavily on Office 365 for your employees.  

However, if your business isn’t reliant on it, or is too small to benefit from a plan, you can use the standard protection offered by Microsoft.   

Making the correct choice of where to put your company resources is no easy task. And ITS, as a Microsoft Gold partner, specializes in helping clients get the best Microsoft products that fit their company. We’ve prepared the following resources to help you find the best Microsoft tools for your company:  

But we also know that having an idea of what Microsoft products are available isn’t enough to get a holistic security setup for your IT infrastructure. Learn more about your company’s security needs with our free IT needs analyzer. You can also schedule a call with one of our cybersecurity consultants. 

Free Cybersecurity Scan