Protect against threats in Office 365

With Office 365 Enterprise, you can help protect your organization against a variety of threats, including spoofing, malware, spam, phishing attempts, and unauthorized access to data. Use the resources on this page to learn about your threat protection options and actions you can take.


Zero-Day Protection


Anti-phishing protection includes user impersonation, domain impersonation, and external spoof protection.

If you're using a custom domain in Office 365, help stop sender fraud from your organization, improve email security, and protect your domain's reputation.


Advanced Threat Protection

Configure policies to manage spoofing, protect against phishing attacks, and catch malicious URLs or files in email messages with Advanced Threat Protection (ATP).


Get a primer on encryption, set up rights management policies and email encryption, and configure additional encryption settings. Get details about the root certificate used by our mail servers for Office 365.

Privileged access management

Help protect your organization from breaches that may use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings. After enabling privileged access management, users will need to request just-in-time access to complete elevated and privileged tasks through an approval workflow that is highly scoped and time-bound.

Additional options

Get more information about related Microsoft technologies and processes that help secure Office 365 against threats.