Microsoft Defender for Office 365 Beginner Series

Security threats evolve every day, and Microsoft 365 comes equipped with enough security provisions to deal with them. These security provisions are grouped under the Microsoft 365 Security Admin Center, which is also known as the Microsoft Defender portal or Microsoft Defender for Office 365.

In this series of articles, I’ll be exploring all the security policies available in the Policies & rules page under the Email & Collaboration menu (shown in Figure 3) that help Microsoft 365 Security Administrators strengthen the email security of their Microsoft 365 tenant.

Note: The series discusses a little bit of document security and app security as well.

I’ll cover everything that is needed (how to sign up for the Microsoft 365 E5 developer program, ensuring the Microsoft Defender service is turned on, differences between the default security policies, etc.) to get your Microsoft Defender email security policies up and running so that they can secure your Microsoft 365 tenant against various security threats.

Accessing the Microsoft Security Admin Center or Microsoft Defender Portal

You can access the Microsoft Defender portal in two ways:

  • By clicking this link: https://security.microsoft.com/, or
  • By selecting Show all >> Security (under Admin Centers) as shown in Figures 1 and 2.

Figure 1: Selecting Show All option in the Microsoft 365 Admin Center
Figure 2: Accessing the Microsoft Defender Portal by selecting the Security option
Figure 3: Accessing the Policies & rules page from the Email & collaboration dropdown menu

Note: Whether Defender for Microsoft 365 is available for your tenant depends upon your subscription. If it’s not available, you’ll have to get it as an add-on. The subscription I’ll be discussing here – the Microsoft 365 E5 developer trial edition – ships with the Microsoft Defender portal by default.

What is Microsoft Defender for Office 365?

Microsoft Defender is a security suite of products that handle different areas of Microsoft 365 security like tenant security, email security, endpoint security, user identity security, etc. The focus of this series is Microsoft 365 tenant email security and the various security policies that address the three most vulnerable areas of the tenant on the cloud – namely email, documents, and collaboration tools.

Microsoft Defender for Office works on top of Exchange Online Protection (EOP), if you are using the Exchange cloud service, and ensures security threats are kept at bay.

Why do Microsoft 365 tenants need Microsoft Defender Protection?

Just like any other cloud service, Microsoft 365 is exposed to a lot of cybersecurity threats. To mitigate these attacks, you need Microsoft Defender. Microsoft Defender addresses different areas of Microsoft 365 tenant security like email security, device security, app security, and much more.

What does Microsoft Defender for Microsoft 365 offer?

Microsoft Defender for Office 365 offers the following:

  • Protection against zero-day attacks: Microsoft Defender is equipped to handle zero-day attacks. The security intelligence it constantly gathers makes it strong enough to handle zero-day attacks of all kinds – be it in emails, office documents, malicious URLs, etc.
  • Protection against dangerous attachments and links: Emails are easy targets for attackers. So, Microsoft Defender works on top of EOP (Exchange Online Protection) and offers features like safe attachments, safe links, spam filtering, etc. that ensure your organization’s mail stays secure.
  • Host of robust security policies: You have security policies like Anti-Phishing, Anti-Spam, and Anti-malware to name a few. For those who are not sure where and how to start, you have preset security policies that help you assess the security posture of your tenant and modify the security controls accordingly.
  • Simulation attacks: Microsoft Defender also lets you simulate cyber-security threats so that you can test them against your tenant and your users. These simulated attacks can be applied on a user, group, or domain basis. And for those who fail these tests, you have security programs that can increase security awareness within your organization.
  • Comprehensive security reports: Granular reports on suspicious-looking URLs, spam emails, emails containing malware, frequent email senders and recipients help you monitor and improve the security posture of your tenant.

Different Microsoft Defender plans available for Microsoft 365

Microsoft Defender for Microsoft 365 ships in two different plans: Microsoft Defender for Office 365 (Plan 1) and Microsoft Defender for Office 365 (Plan 2).

  • Microsoft Defender for Office 365 Plan 1: The focus is on threat detection and prevention. This extends the basic security offered by EOP by adding features like safe attachments, safe links, anti-spam, and anti-phishing policies – all of which help you with real-time threat detection.
  • Microsoft Defender for Office 365 Plan 2: The focus is on threat investigation and response on top of all that you get in Plan 1. The automated threat investigation and response system, along with threat trackers and threat explorer, helps you handle the ever-evolving threat landscape easily. You also get attack simulation programs that increase security awareness among your users.

How to use this guide?

It is best to read the articles in the order they are written. And since Microsoft 365 security is a vast topic, remember to watch this corner for new articles every week.

Note: Articles marked in red will be uploaded soon! Keep an eye on this corner!
