Microsoft Defender for Office 365 Key Security Features to Utilize 

Office 365 remains the most widely used productivity platform for businesses of various sizes and industries. However, its large user base is one reason attackers continue to target it, as highlighted by a recent Kaspersky study that showed a 53% increase in attacks on Office 365 in 2023. The good news is that Office 365 integrates seamlessly with several Microsoft security products like Defender, which offers several useful protection features.

Many security features in Defender for Office 365 are enabled by default. However, there are several important ones that you will need to enable and configure carefully to meet your business’s specific security needs. Let’s explore all the crucial security features in Defender for Office 365 that you should review, enable, and configure to ensure optimal security for your business. 

Default Anti-Phishing Policy
The default anti-phishing policy in Microsoft Defender for Office 365 offers basic protection against spoofing and uses mailbox intelligence to analyze email patterns. For those who may not know, spoofing is a type of cyberattack where a malicious actor disguises themselves as a trusted source to deceive recipients, often by falsifying email addresses or domains. 

It is important to note that user and domain impersonation protection is not enabled by default. To activate these, Office 365 administrators need to either modify the default anti-phishing policy or apply preset security policies, such as Standard or Strict, which come with built-in protection settings. Custom policies can also be created to tailor the protection levels for specific organizational needs.

Safe Attachments and Safe Links
As an Office 365 user, you will usually receive several emails every day, some of which may include attachments and links. Defender for Office 365 includes the Safe Attachments and Safe Links features to guard against malicious content in emails, files, and links. Safe Attachments scans attachments in emails, SharePoint, OneDrive, and Microsoft Teams for malware, ensuring that harmful files are blocked before they can cause damage.

Safe Links protects users by scanning links for threats when they click on them in emails, Teams messages, and Office apps. It also rewrites URLs in emails, which provides an extra layer of security: when someone clicks a rewritten link, Safe Links checks in real time whether it leads to a malicious site or content before redirecting them there.

Impersonation Protection
Defender for Office 365 protects important individuals and domains from impersonation attacks by allowing admins to set up specific policies. These policies focus on high-profile users, like CEOs and CFOs, and can include measures like monitoring emails and flagging any that appear to come from these users but are actually from attackers.

The system can quarantine emails suspected of being impersonation attempts and alert administrators or users, depending on the policy settings. By using intelligent mailbox analysis, the system further enhances protection by learning user behaviors and detecting any suspicious variations.
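The following added example (not from the original article) shows one way to enable the user and domain impersonation protection described above on the default anti-phishing policy with Exchange Online PowerShell. It assumes the ExchangeOnlineManagement module is installed and that the default policy carries its usual name, Office365 AntiPhish Default; the admin account, protected users, and partner domain are placeholders.

```powershell
# Added example: audit, then enable impersonation protection on the default policy.
# Assumptions: ExchangeOnlineManagement module installed; all addresses and
# domains below are placeholders to replace with your own values.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example

$policyName = 'Office365 AntiPhish Default'
$auditProps = 'Name', 'EnableTargetedUserProtection', 'TargetedUsersToProtect',
              'EnableOrganizationDomainsProtection', 'EnableTargetedDomainsProtection',
              'EnableMailboxIntelligence', 'EnableMailboxIntelligenceProtection'

# 1. Record the current state so the change can be reviewed or rolled back.
Get-AntiPhishPolicy -Identity $policyName | Select-Object $auditProps | Format-List

# 2. High-profile users to protect, in "DisplayName;EmailAddress" form.
$protectedUsers = @(
    'Example CEO;ceo@contoso.example',
    'Example CFO;cfo@contoso.example'
)

# 3. Enable user and domain impersonation protection and quarantine matches.
$settings = @{
    Identity                            = $policyName
    EnableTargetedUserProtection        = $true
    TargetedUsersToProtect              = $protectedUsers
    TargetedUserProtectionAction        = 'Quarantine'
    EnableOrganizationDomainsProtection = $true   # domains the tenant owns
    EnableTargetedDomainsProtection     = $true   # extra domains listed below
    TargetedDomainsToProtect            = @('partner.example')
    TargetedDomainProtectionAction      = 'Quarantine'
    EnableMailboxIntelligence           = $true
    EnableMailboxIntelligenceProtection = $true
    MailboxIntelligenceProtectionAction = 'Quarantine'
    EnableSimilarUsersSafetyTips        = $true
    EnableSimilarDomainsSafetyTips      = $true
}
Set-AntiPhishPolicy @settings

# 4. Confirm the policy now reports the intended values.
Get-AntiPhishPolicy -Identity $policyName | Select-Object $auditProps | Format-List
```

Changing the action values from Quarantine to MoveToJmf delivers matches to the Junk Email folder instead, which can be a gentler first step while false positives are being assessed.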

Advanced Phishing Thresholds
The anti-phishing policies in Defender for Office 365 include configurable thresholds that determine how aggressively the system responds to phishing attacks. There are three different levels, including Standard, More Aggressive, and Most Aggressive. Let’s explore each briefly: 

  • Standard: This level provides a balanced approach to detecting phishing attempts. It applies general scrutiny to emails and flags messages that exhibit suspicious behavior, but it may allow some potentially harmful emails to pass through, focusing on maintaining a smooth workflow.
  • More Aggressive: This level increases sensitivity to potential phishing threats. It employs stricter detection methods, resulting in a higher rate of flagged messages. Emails that appear suspicious are more likely to be quarantined, which helps further reduce the risk of successful phishing attacks.
  • Most Aggressive: The most sensitive setting, this level applies the highest scrutiny to incoming emails. It aggressively scans for any signs of phishing and takes stringent actions against suspicious messages, such as immediate quarantine. This approach significantly minimizes the chances of falling victim to phishing attempts but may also result in more false positives.

Microsoft Defender for Office 365 gives admins the option to create specific policies tailored to individual users or groups. This allows admins to apply stricter settings for high-profile users, such as executives or those handling sensitive information. This customization helps enhance security for key personnel while maintaining appropriate levels of protection for other users in the organization.

Quarantine Policies
Quarantine policies in Defender for Office 365 control what happens to emails and files flagged as suspicious. Administrators can define what actions users are allowed to take with quarantined items and whether users receive notifications when something is quarantined. For instance, a policy might allow administrators to review and release emails while users are only notified. Quarantine policies also define whether users can request access to quarantined items, adding a layer of flexibility for organizations with different security requirements.

Safe Documents Protection
Safe Documents is a feature designed to protect users from downloading and opening malicious files within Office apps. It works by scanning documents for threats before they are opened in Word, Excel, or PowerPoint. If a file is deemed suspicious, users are prevented from opening it unless it is confirmed safe. 
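As an added example (not part of the original article), this Exchange Online PowerShell snippet checks the tenant-wide settings behind Safe Attachments for SharePoint, OneDrive, and Teams and behind Safe Documents, and reports any that differ from the behavior described above. It assumes an existing Connect-ExchangeOnline session; the desired values are this example's choice, not a Microsoft default.

```powershell
# Added example: detect drift in the tenant-wide Defender for Office 365 policy.
# Assumes an existing Exchange Online PowerShell session (Connect-ExchangeOnline).
$current = Get-AtpPolicyForO365

# Desired state chosen for this example.
$desired = [ordered]@{
    EnableATPForSPOTeamsODB = $true    # Safe Attachments for SharePoint, OneDrive, Teams
    EnableSafeDocs          = $true    # Safe Documents scanning in Office apps
    AllowSafeDocsOpen       = $false   # users cannot bypass a Safe Documents block
}

# Compare each setting and collect the ones that do not match.
$drift = foreach ($name in $desired.Keys) {
    if ($current.$name -ne $desired[$name]) {
        [pscustomobject]@{
            Setting = $name
            Current = $current.$name
            Desired = $desired[$name]
        }
    }
}

if ($drift) {
    $drift | Format-Table -AutoSize

    # Build a parameter set containing only the settings that need to change.
    $changes = @{}
    foreach ($item in $drift) { $changes[$item.Setting] = $item.Desired }

    # -WhatIf previews the change; remove it to apply.
    Set-AtpPolicyForO365 @changes -WhatIf
} else {
    'Safe Attachments (SPO/OneDrive/Teams) and Safe Documents match the desired state.'
}
```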

Attack Simulation Training
Defender for Office 365 offers Attack Simulation Training, a tool that allows administrators to simulate real-world phishing attacks within the organization. This feature is designed to raise security awareness and help employees recognize and avoid phishing attempts. By creating customized attack scenarios, admins can track which employees fall for simulated attacks and provide targeted training to improve their responses to phishing threats.

Secure Score and Recommendations
Secure Score is one of the most useful features in Defender for Office 365. It provides organizations with a security posture assessment, showing how secure their environment is based on a range of factors, including configuration settings and active policies. It offers recommendations for improving security and guiding admins on steps they can take to reduce risk, such as enabling multi-factor authentication (MFA) or improving phishing protections. Secure Score helps IT teams prioritize and track security improvements.

Key Takeaways

As you might have noticed throughout this article, Microsoft Defender for Office 365 offers a robust suite of security features that can significantly enhance your organization’s protection against cyber threats. While many features are enabled by default, careful configuration and customization are essential to meet your specific security needs. 

By understanding and leveraging these security features, you can create a more secure and resilient Office 365 environment for your business. Please note that to access all advanced security features in Microsoft Defender for Office 365, such as anti-phishing, Safe Links, and Safe Attachments, you’ll need Defender for Office 365 Plan 2 or Microsoft 365 E5.