Blog - Integrity Technology Solutions

How To Use Microsoft Defender For Office 365

Written by Integrity Staff | March 28, 2024 at 12:00 PM

As working from anywhere and everywhere becomes easier, cyberthreats become easier too.

To protect yourself, your organization, and your company data, you can use Microsoft Defender for Office 365, formerly Office 365 Advanced Threat Protection (ATP).

This article outlines what Microsoft 365 Defender is and how it can protect target systems.

 

What Is Microsoft Office 365 Defender?

Microsoft 365 Defender is a cloud-based cybersecurity service offered by Microsoft and designed to protect Office 365 (now Microsoft 365) users.

Microsoft 365 Defender protects an enterprise's email messages and Office 365 resources.

Generally, Microsoft 365 Defender is a unified pre- and post-breach enterprise cybersecurity defense suite that can be used by small and medium-sized businesses of up to 300 employees.

The goal of Microsoft 365 Defender is to provide integrated threat protection against malware and sophisticated attacks. 

 

How Does Microsoft 365 Defender Work?

Essentially, Defender for Office 365 targets malicious threats that can occur through email and the use of Microsoft 365. 

The security service is connected to a Microsoft database that analyzes an enterprise's endpoints and correspondence and evaluates the likelihood that a text, file, or link is malware.

Microsoft 365 Defender has three primary security services (or products) in every subscription type:

  1. Microsoft Exchange Online Protection (EOP). This prevents broad, volume-based known attacks on Exchange Online mailboxes.
  2. Microsoft Defender for Office 365 Plan 1 (P1). This plan protects email and enterprise collaboration tools from viruses, phishing attacks, zero-day malware, and enterprise email compromise.
  3. Microsoft Defender for Office 365 Plan 2 (P2). In addition to what's offered in EOP and Plan 1, Plan 2 adds post-breach automated investigation, response, hunting, and protection automation and simulation (usually for training).

To protect your business, the Defender for Office 365 security service includes:

 

Microsoft Defender for Endpoint

This enterprise endpoint security platform helps enterprise networks detect, prevent, investigate, and respond to advanced threats. 

Integrating this security solution with Microsoft Intune can help prevent or limit the impact of security breaches. 

 

Web Content Filtering

Both Microsoft Defender for Endpoint and Microsoft Defender for Business allow organizations to track and regulate access to websites based on their content categories. 

 

Threat Protection Policies

Set the appropriate threat protection level for your organization.

 

Threat Investigation And Response Capabilities

These leading-edge tools help investigate, simulate, understand, and prevent threats.

 

Reports

Real-time reports monitor Defender for Office 365's performance within the organization.

 

Automated Threat Investigation And Response Capabilities

Automate threat investigation to save time and effort and help you mitigate threats early.

Through these capabilities, Microsoft Defender for Office 365 shows the precise location in the attack chain where the incident's contributing activities occurred.

For instance, these activities could highlight defense evasion, persistence, or lateral movement. 

This allows you to see the issue's severity, and you can act accordingly.  

The overall Defender for Office 365 process emphasizes its goals in this order:

Protect > Detect > Investigate > Respond 

All plans (EOP, MDO P1, and MDO P2) can serve any of the enterprise security goals of protecting, detecting, investigating, and responding, but each has a core goal:

  • Office 365 security — EOP protection.
  • Microsoft Defender for Office 365 Plan 1 — contains EOP and offers extended detection and response.
  • Microsoft Defender for Office 365 Plan 2 — has what's provided in EOP and P1.

The structure of Defender for Office 365 protection is cumulative.

When you're configuring the product, it's essential to start with standalone Exchange Online Protection (EOP) and then move to Defender for Office 365 P1 and P2.

Office 365 E3, or below, comes with EOP security and an option to acquire and upgrade to a standalone Defender for Office 365 P1. 

Office 365 E5 comes with Defender for Office 365 P2, which includes EOP and MDO P1.

 

How Do I Turn On Microsoft Office 365 Defender?

If you or your security team are new to Defender for Office 365, know that the product automatically turns on when eligible customers who have the required permissions visit the service portal.

To turn on Microsoft Office 365 Defender, follow these steps:

  1. Check license eligibility and confirm required permissions. If you have a license to any Microsoft 365 security product, you're guaranteed use of Defender for Office 365 without any additional licensing cost.
  2. Check your role. You must be signed in to Defender for Office 365 as one of the following roles:
    1. Security Administrator
    2. Global Administrator
    3. Security Operator
    4. Security Reader
    5. Global Reader
    6. Compliance Administrator
    7. Compliance Data Administrator
    8. Application Administrator
    9. Cloud Application Administrator
  3. Log into the Microsoft 365 Defender portal (admin center).
  4. Enable Microsoft Defender for Office 365 for any email or Office 365 service you want.
  5. Check the list of items on the left pane in the service portal and click "Show all."
  6. Under the admin center, click Security. This takes you to protection for Microsoft 365, along with other navigation options.
  7. You'll then go through some settings (instructions are provided in the dialogue boxes) and then confirm whether the service is on.

If support services are not enabled, stay on the left pane, then:

  1. Go to Search > Audit log search. If prompted, click Turn on auditing to enable audit log search.
  2. Go back to the left pane and click on Threat Management > Policy.
  3. You will see different service provisions that you can configure and deploy for your organization, such as phishing, safe links, attachment, spam, malware, etc.
  4. To enable protection, click on any of the policies and follow the instructions. 
  5. If you're a global admin, for instance, at the center of the ATP attachments, click Global settings. On the right pane, switch on the toggle to turn on ATP for SharePoint, OneDrive, and Teams, then click Save.

You can do the same for other service policies on your subscription. 
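The audit-log and Global settings steps above can also be checked from Exchange Online PowerShell, which makes the result repeatable and easy to record. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, and the admin account name is a placeholder.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example: report (and optionally enable) the settings from the steps above.
param(
    [string]$AdminUpn = 'admin@contoso.example',  # placeholder account, replace with your own
    [switch]$Remediate                             # without this switch the script only reports
)

Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false

# Step 1: audit log search. Read this value from Exchange Online PowerShell;
# Security & Compliance PowerShell always reports it as False.
$auditOn = [bool](Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled
if (-not $auditOn -and $Remediate) {
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
}

# Step 5: ATP for SharePoint, OneDrive, and Teams (the "Global settings" toggle).
# The cmdlet is only present when the tenant has Defender for Office 365.
$atpOn = $null
if (Get-Command Get-AtpPolicyForO365 -ErrorAction SilentlyContinue) {
    $atpOn = [bool](Get-AtpPolicyForO365).EnableATPForSPOTeamsODB
    if (-not $atpOn -and $Remediate) {
        Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true
    }
}

# Step 3: list the policies that exist for each protection type.
$policyCmdlets = [ordered]@{
    'Anti-phishing'    = 'Get-AntiPhishPolicy'
    'Safe Links'       = 'Get-SafeLinksPolicy'
    'Safe Attachments' = 'Get-SafeAttachmentPolicy'
    'Anti-spam'        = 'Get-HostedContentFilterPolicy'
    'Anti-malware'     = 'Get-MalwareFilterPolicy'
}
$policies = foreach ($kind in $policyCmdlets.Keys) {
    $cmd = $policyCmdlets[$kind]
    if (Get-Command $cmd -ErrorAction SilentlyContinue) {
        $found = @(& $cmd)
        [pscustomobject]@{ Protection = $kind; Count = $found.Count; Names = $found.Name -join ', ' }
    } else {
        # EOP-only tenants do not expose the Safe Links / Safe Attachments cmdlets.
        [pscustomobject]@{ Protection = $kind; Count = 0; Names = '(not licensed)' }
    }
}

[pscustomobject]@{ AuditLogSearch = $auditOn; AtpForSpoTeamsOneDrive = $atpOn } | Format-List
$policies | Format-Table -AutoSize
Disconnect-ExchangeOnline -Confirm:$false
```

Run it once without `-Remediate` to capture the current state, then again with the switch if either setting is off.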

 

What Is The Cost of Microsoft Office Defender?

Microsoft 365 Defender has an indirect pricing structure.

Most services are charged per user, per hour or per month.

Microsoft also includes the prices in the Microsoft 365 plans.

Microsoft Defender for Cloud is a free service for the first 30 days. After that, it's charged as per the pricing structure below:

  • Microsoft Defender for Business Servers Plan 1: $0.007/Server/hour
  • Microsoft Defender for Business Servers Plan 2: $0.02/Server/hour (Included data - 500 MB/day)
  • Microsoft Defender for Containers: $0.0095/vCore/hour
  • Microsoft 365 Defender P1 standalone: $3/user/month (or the Microsoft 365 E3 plan, which costs $32 per user per month).
  • Microsoft 365 Defender P2 version standalone: $5.00/user/month (Alternatively, it's included in the Microsoft 365 E5 enterprise plan for $57/user/month).

You can access Microsoft 365 Defender even if you don't have a Microsoft 365 subscription.

 

Is Windows Defender Good Enough?

Microsoft's Windows Defender, as currently offered, isn't good enough. 

Although it comes closer to competing with third-party security suites, it still lacks essential features that a great security suite should provide.

It ranks below top anti-malware competitors in malware detection rates, takes longer to scan, causes more PC slowdown, and severely lacks security features compared to top antivirus and security suites.

So, using Windows Defender as a standalone security suite may still leave you vulnerable to advanced threats. 

You can combine it with Microsoft 365 Business Premium, among other tools. 

 

Conclusion

Overall, we recommend that you ensure that your business/organization is cyber-secure by enabling Microsoft Defender for Office 365.

You cannot depend on Windows Defender alone for your cloud protection.

Select the right plan for your business needs from the available options for a better outcome.

To get started, confer with a trusted IT cybersecurity and support partner like Integrity Technology Solutions to help you understand how your business can integrate Microsoft Defender for Office 365.

You could also assess your company’s data security status by downloading this free data security checklist to help you understand your business' security posture and where you might need help.