Protect against threats in Office 365

With Office 365 Enterprise, you can help protect your organization against a variety of threats, including spoofing, malware, spam, phishing attempts, and unauthorized access to data. Use the resources on this page to learn about threat protection and actions you can take.


If you're using a custom domain in Office 365, help stop sender fraud from your organization, improve email security, and protect your domain's reputation.

Anti-spam & anti-malware

Learn about Office 365 anti-spam scoring, connection filtering, and malware capture, including default settings and how to report malicious email.

Advanced Threat Protection

Configure policies to manage spoofing, protect against phishing attacks, and catch malicious URLs or files in email messages with Advanced Threat Protection (ATP).


Get a primer on encryption, set up rights management policies and email encryption, and configure additional encryption settings. Get details about the root certificate used by our mail servers for Office 365.

Managing devices & apps

Monitor and control how mobile devices access your Office 365 data, and ban or approve mobile apps in use at your organization.

Threat intelligence

Identify, monitor, and understand attacks, and quickly address threats by using the insights and knowledge available to prevent attacks.

Privileged access management

Help protect your organization from breaches that may use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings. After enabling privileged access management, users will need to request just-in-time access to complete elevated and privileged tasks through an approval workflow that is highly scoped and time-bound.

Additional options

Get more information about related Microsoft technologies and processes that help secure Office 365 against threats.