Prevents broad, volume-based, known attacks
Plan 1
Safe Attachments
Safe Links
Safe Attachments for SharePoint, OneDrive and Teams
Anti-phishing protection in Defender for Office 365
Real-time detections
Threat Trackers
Threat Explorer
Automated investigation and response
Attack simulation training
Proactively hunt for threats with advanced hunting in Microsoft 365 Defender
Investigate incidents in Microsoft 365 Defender
Investigate alerts in Microsoft 365 Defender
Safe Documents - M365 A5 Faculty, M365 A5 for Students & M365 E5 Security.
Flow Diagram:
Microsoft Defender for Office 365 safeguards our organization against malicious threats posed by
email messages, links (URLs), & collaboration tools.
Defender for Office 365 - Cloud-based email protection for an on-premises Exchange Server
environment or any other on-premises SMTP email solution.
Defender for Office 365 - Protects Exchange Online cloud-hosted mailboxes.
Hybrid Deployment - Protects our messaging environment & controls mail routing when
we have a mix of on-premises and cloud mailboxes, with EOP for inbound email filtering.
Safe Links - Provides time-of-click verification of URLs. Protection is ongoing and applies across
our messaging and Office environment. Links are scanned on each click: safe links remain
accessible and malicious links are dynamically blocked.
Safe Attachments for SharePoint, OneDrive & Microsoft Teams - Identifies and blocks malicious
files in team sites and document libraries.
Safe Documents - Safe Documents is a premium feature that uses the cloud backend of
Microsoft Defender for Endpoint to scan opened Office documents in Protected View or
Application Guard for Office.
Anti-phishing protection in Defender for Office 365 - Applies machine learning models and
advanced impersonation-detection algorithms to avert phishing attacks.
Real-Time Detections (P1) or Explorer (P2) - See malware detected by Microsoft 365 security
features, view phishing URL and click verdict data, investigate malicious email and files detected
in SharePoint Online, OneDrive & Microsoft Teams, and start an automated investigation and
response process from Explorer (only for Plan 2).
Data Retention & Search Limit - 30 Days
Export of records for Threat Explorer - Limit updated from 9990 to 200000 records
New features in Threat Explorer & Real-time detections:
View phishing emails sent to impersonated users and domains.
Preview email header & download email body.
Email timeline.
Export URL click data.
Threat Trackers - Provide the latest intelligence on prevailing cybersecurity issues. They include
Noteworthy trackers, Trending trackers, Tracked queries & Saved queries.
Attack Simulation Training - Allows us to run realistic attack scenarios in our organization to
identify vulnerabilities. Simulations of current types of attacks are available, including spear
phishing credential harvest and attachment attacks, and password spray and brute force
password attacks.
Automated Investigation and Response (AIR) - Capabilities include a set of security playbooks
that can be launched automatically, such as when an alert is triggered, or manually