Introduction


Exchange Online Protection (EOP) uses a multi-layered approach to protect users from different kinds of threats, such as:

  • Phishing
  • Spoofing
  • Spam
  • Bulk email
  • Malware

Microsoft Defender for Office 365 extends the protection provided by EOP by filtering targeted attacks that could pass through EOP’s lines of defense. It addresses advanced threats such as:

  • Zero-day attacks in email attachments and Office documents.
  • Malicious URLs, through time-of-click protection.

When integrated, EOP and Microsoft Defender for Office 365 provide the most efficient level of protection against commodity and advanced targeted threats.

This module examines how Microsoft Defender for Office 365 protects users from advanced threats through features such as Safe Attachments and Safe Links. You'll also learn about Configuration Analyzer, which reviews an organization's threat protection policies and provides suggestions for improvement. The module then explores how to manage spoof intelligence features and anti-phishing policies. You'll then explore how the Tenant Allow/Block List can help you manage manual overrides to further fine-tune your secure messaging environment. Lastly, you'll be introduced to Attack simulation training, which is a feature in Microsoft Defender XDR that provides realistic attack scenarios to help organizations identify vulnerable users before a real attack happens.

Prerequisites

This module is designed for people aspiring to the Microsoft 365 Messaging Administrator role. The prerequisites for this module include:

  • Ability to navigate the Microsoft 365 admin center, the Exchange admin center, and the Microsoft Defender portal.
  • Ability to create Domain Name System (DNS) records at an intermediate level.
  • Familiarity with Active Directory concepts such as centralized domain management, sites, and directory-based identity-related services.
  • Ability to write PowerShell commands at an intermediate level.

Learning objectives

After completing this module, you'll be able to:

  • Describe the threat protection features of Microsoft Defender for Office 365.
  • Understand how the Configuration Analyzer reviews threat protection policies and provides suggestions for improvement.
  • Describe the protection provided by Safe Attachments and Safe Links policies.
  • Understand the spoof intelligence features provided by Exchange Online Protection.
  • Describe how Microsoft Defender anti-phishing policies work.
  • Understand the process to manage the Tenant Allow/Block List in Microsoft Defender XDR.
  • Run realistic attack scenarios using Attack Simulator to help identify vulnerable users before a real attack impacts your organization.