Threat management in the Office 365 Security & Compliance Center

Use Threat management to help control and manage mobile device access to your organization's data, help protect your organization from data loss, and help protect inbound and outbound messages from malicious software and spam. You also use threat management to protect your domain's reputation and to determine whether or not senders are maliciously spoofing accounts from your domain.

How to view and use threat management in the Security & Compliance Center

In Office 365, use the Security & Compliance Center to manage threats in your organization.

To go directly to the Security & Compliance Center:

  1. Go to

  2. Sign in to Office 365 using your work or school account.

  3. In the left pane, select Threat management.

    Office 365 Security & Compliance Center Threat management menu

To go to the Security & Compliance Center using the Office 365 app launcher:

  1. Sign in to Office 365 using your work or school account.

  2. Select the app launcher The app launcher icon in Office 365 in the upper left corner, and then select the Security & Compliance tile.

  3. In the left pane, select Threat management.

About threat management in Office 365

These options are available under Threat management in the Security & Compliance Center.

We're still rolling out threat management for the Security & Compliance Center, so you might not see all of these yet, or you might see more than the options listed here. During the rollout, some of these, for example Anti-malware, Dkim, and others, will continue to be available through the Exchange Admin Center (EAC) for a limited time.

In some cases, there are minor differences between the EAC and the Security & Compliance Center implementations. For example, supported characters for spam filters are different between the two platforms. Articles are provided that give more information about specific differences when they occur.

Tool Description
Dashboard, Threat explorer, and Incidents
Once enabled, these panes allow you to manage Office 365 Analytics and threat investigation and response. For more information, see Office 365 Advanced Threat Protection Plan 2.
Mail filtering
Fine-tune and monitor settings that help prevent spam in Office 365. Create allow and block lists, determine who is spoofing your domain and why, and configure and view spam filter policies. For more information, see Office 365 email anti-spam protection.
You can also set up a policy to check that your users aren't sending spam. This can happen, for example, if a user's computer gets infected by malware that is programmed to send email messages. To learn how you can prevent outbound spam, see Configure the outbound spam policy.
If you are currently experiencing an issue with spam, you can use the Spam and malware troubleshooter.
Protects against viruses and spyware traveling to or from your organization in Office 365. Viruses are malicious software programs that, when executed, replicate themselves and modify other programs and data on the computer. Viruses spread throughout your computer looking for programs to infect and are also shared from one computer to another, often through email. Spyware gathers your personal information, such as sign-in information, and sends it back to its author. To get started configuring anti-malware policies, see Configure anti-malware policies.
If you are currently experiencing an issue with malware, you can use the Spam and malware troubleshooter.
Intended for more advanced Office 365 administrators, but available to all Office 365 customers, DomainKeys Identified Mail (DKIM) helps ensure that other email systems trust messages that you send from Office 365. DKIM does this by adding a unique digital signature to email messages that you send from your organization. Email systems that receive email from you can use this digital signature to help determine if the email is legitimate.
Don't worry if the details of how this works seem complicated, because the default that is set up for you in Office 365 should work for most organizations. If you do not set up DKIM yourself, Office 365 uses its default policy and keys that it creates in order to enable DKIM for your domain. Also, if you disable DKIM signing, after a period of time, Office 365 automatically enables the Office 365 default policy for your domain.
If you want, you can view this page in the Security & Compliance Center and see whether or not DKIM signatures are currently enabled for your domain and you can view the last time the encryption keys used by Office 365 were rotated. You can also manually rotate the keys yourself.
IMPORTANT! DKIM is only one email authentication technique used by Office 365. To be most effective, DKIM is used along with other supported techniques such as Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Together, these domain-based authentication technologies help prevent spam and unwanted spoofing.
Before making changes to DKIM using the Security & Compliance Center, become comfortable with the technology and how it works. To get started, see Beyond the basics: More ways to prevent spam in Office 365.
Safe Attachments
Safe Attachments is part of Advanced Threat Protection. When enabled, email attachments are opened in a special, isolated environment that is separate from Office 365 before they are sent to recipient inboxes. Safe Attachments is designed to help detect malicious attachments even before anti-virus signatures are available. To learn more, see Safe Attachments in Office 365.
Safe Links
Safe Links is part of Advanced Threat Protection. Safe Links help prevent users from following URLs in email or in Office documents that point to web sites that are recognized as malicious. To learn more, see Safe Links in Office 365.
Set up Quarantine for incoming email messages in Office 365 where messages that have been filtered as spam, bulk, phishing, and malware mail can be kept for later review. Both users and admins can work with quarantined messages. Users can work with just their own filtered messages in quarantine. Admins can search for and manage quarantined messages for all users.
Advanced threats
View the Threat Protection Status report to see information about the malicious content found and blocked by Exchange Online Protection and Advanced Threat Protection.