Microsoft Defender for Office 365 (Plan 1) is a comprehensive security solution designed to protect Microsoft 365 environments. It includes essential features such as robust anti-phishing protection to safeguard against malicious emails and phishing attempts. Plan 1 also offers anti-spam filtering to keep inboxes clean from unwanted messages, enhancing productivity and reducing the risk of phishing attacks.
 
Features of Microsoft Defender for Office 365 (Plan 1):
 
1. Protection Against Phishing:
Anti-Phishing: Helps protect users from phishing attacks, including those targeting corporate identities and credentials. It uses machine learning models and spoof intelligence to detect and block suspicious emails.
Spoof Intelligence: Identifies and blocks emails from unauthorized senders pretending to be trusted organizations or individuals (email spoofing).
Safe Links: Scans URLs in email messages to ensure they are safe before a user clicks on them. If a link leads to a malicious site, users are blocked from opening it.
2. Protection Against Malware and Ransomware:
Anti-Malware: Detects and blocks malicious attachments, such as viruses, worms, and trojans, before they reach the user’s inbox. Includes real-time protection using signature-based detection.
Safe Attachments: Analyzes email attachments in a sandbox environment before they are delivered to the user. If an attachment is determined to be malicious, it is blocked or removed.
Ransomware Detection: Identifies suspicious email patterns commonly associated with ransomware and alerts administrators to potential threats.
3. Threat Intelligence and Reporting:
Threat Intelligence: Provides insights into global and local threats targeting users. Administrators can access detailed reports about the most current and emerging threats targeting the organization.
Security Dashboards: Offers visual reports and dashboards that give admins insights into the effectiveness of the protection, including threat activity and blocked malicious emails.
4. Anti-Business Email Compromise (BEC) Protection:
Anti-BEC Protection: Protects against Business Email Compromise (BEC) attacks by identifying impersonation attempts and spoofing. Uses machine learning to detect anomalous behavior and high-risk patterns.
Impersonation Protection: Helps prevent attackers from impersonating trusted users, such as high-ranking executives, and sending malicious emails to employees within the organization.
5. Quarantine and Review:
Quarantine: Suspicious emails or attachments are placed in quarantine, allowing administrators or users to review them before taking further action (e.g., release or delete).
User-Level Quarantine: Users can manage their own quarantined emails, such as reviewing and releasing emails that are mistakenly flagged as malicious.
6. Integrated with Microsoft 365 Security Center:
Centralized Management: Defender for Office 365 (Plan 1) integrates with the Microsoft 365 Security Center, allowing administrators to manage email security, review alerts, and configure policies from a single location.
Policy and Rule Management: Admins can configure security policies and rules that control how emails are handled, including setting up custom filters to block specific types of content.
7. Automated Investigation and Response (AIR):
Automated Investigation: Automatically investigates suspicious email messages and attachments to determine if they pose a threat. It reduces the manual effort required to detect and respond to incidents.
Automated Response: Once a threat is confirmed, the system can automatically take action, such as removing or quarantining malicious emails from the inbox or blocking the malicious sender.
8. Customizable Policies:
Phishing Protection Policies: Admins can configure phishing protection rules that apply to different types of emails or user groups. This helps tailor protection to the specific needs of the organization.
Safe Links and Safe Attachments Policies: Policies can be customized to specify how email links and attachments are handled, such as whether they should be blocked or replaced with a warning message.
9. Reporting and Alerts:
Real-Time Alerts: Provides immediate notifications to administrators when a security threat is detected, such as a phishing attack, malware outbreak, or impersonation attempt.
Detailed Threat Reports: Includes detailed reports on threats that were blocked or flagged, including the type of threat and the action taken (e.g., quarantining the email or blocking a URL).
Advanced Query and Search Capabilities: Admins can use advanced search capabilities to query and investigate email threats, including filtering by threat type or date range.
10. Email Traffic Insights:
Sender and Recipient Analysis: Gives insights into email traffic, including information about high-risk senders and the types of threats targeting the organization. Helps identify and mitigate threats more effectively.
Mail Flow and Threat Analytics: Offers analytics on mail flow and incoming/outgoing messages, helping admins understand email patterns and identify any abnormalities that could indicate a threat.