Microsoft Defender for Office 365 service description

Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect your organization against advanced threats to email and collaboration tools, like phishing, business email compromise, and malware attacks. Defender for Office 365 also provides investigation, hunting, and remediation capabilities to help security teams efficiently identify, prioritize, investigate, and respond to threats.

The following are the primary ways you can use Defender for Office 365 for message protection:

  • In a Defender for Office 365 filtering-only scenario, Defender for Office 365 provides cloud-based email protection for your on-premises Exchange Server environment or any other on-premises SMTP email solution.

  • Defender for Office 365 can be enabled to protect Exchange Online cloud-hosted mailboxes. To learn more about Exchange Online, see the Exchange Online service description.

  • In a hybrid deployment, Defender for Office 365 can be configured to protect your messaging environment and control mail routing when you have a mix of on-premises and cloud mailboxes with Exchange Online Protection for inbound email filtering.

Available plans

For detailed plan information on subscriptions that enable users for Microsoft Defender for Office 365, see the full subscription comparison table.

Feature availability

The following table lists the major Microsoft Defender for Office 365 features available across plans. Certain caveats apply. See the footnotes for further information. This table may change without notice. For the most up-to-date, complete list of Microsoft Defender for Office 365 features across plans, see Microsoft Defender for Office 365 Features service description.

Feature Defender for Office 365 Plan 1 Defender for Office 365 Plan 2 Microsoft 365 E5 / A5 Security
Configuration, protection, and detection
Preset security policies and Configuration Analyzer Yes Yes Yes
Safe Attachments Yes Yes Yes
Safe Attachments in Teams Yes Yes Yes
Safe Links Yes Yes Yes
Safe Documents No No Yes
Safe Links in Teams Yes Yes Yes
Report Message Add-In Yes Yes Yes
Protection for SharePoint, OneDrive, and Microsoft Teams Yes Yes Yes
Anti-phishing policies Yes Yes Yes
Real-time reports Yes Yes Yes
Advanced protection for internal mail Yes Yes Yes
Automation, investigation, remediation, and education
Threat Trackers No Yes Yes
Campaign Views No Yes Yes
Threat investigation (advanced threat investigation) Real-time detections Explorer Explorer
Automated investigation & response  No Yes Yes
Attack simulation training No Yes Yes
Integration with Microsoft 365 Defender No Yes Yes

Note

Microsoft Defender for Office 365 is a component of Microsoft 365 Defender. For more information on automated cross-domain security with Microsoft 365 Defender, see Microsoft 365 Defender requirements.

Learn more

For more information about Microsoft Defender for Office 365, check out the following resources:

Licensing terms

For licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the Product Terms site.

For Microsoft Defender for Office 365 Plan 1 tenants, licenses must be acquired for users or mailboxes falling under one or more of the following scenarios:

  • Any user that accesses a mailbox that benefits from Defender for Office 365 protections.
  • Shared mailboxes that benefit from Defender for Office 365 protections.
  • If Safe Attachments protection for SharePoint, OneDrive for Business, or Teams is turned on, all users that access SharePoint, OneDrive for Business, or Teams.
  • Any user that uses Microsoft 365 Apps or Teams when Safe Links protections are enabled.

For Microsoft Defender for Office 365 Plan 2 tenants, licenses must be acquired for users or mailboxes falling under one or more of the following scenarios:

  • All Exchange Online users on the tenant. This is because Plan 2 features and capabilities protect all users in the tenant.
  • All shared mailboxes on the tenant.
  • If Safe Attachments protection for SharePoint, OneDrive for Business, or Teams is turned on, all users that access SharePoint, OneDrive for Business, or Teams.
  • Any user that uses Microsoft 365 Apps or Teams when Safe Links protections are enabled.

Note

Office 365 E5, Microsoft 365 E5 Security, and Microsoft 365 E5 include Microsoft Defender for Office P2 licenses, and Microsoft 365 Business Premium includes Microsoft Defender for Office 365 P1 licenses.

Messaging

To stay informed of upcoming changes, including new and changed features, planned maintenance, or other important announcements, visit the Message Center. For more information, see Message center.

Accessibility

Microsoft remains committed to the security of your data and the accessibility of our services. For more information, see the Microsoft Trust Center and the Office Accessibility Center.