Microsoft Defender for Office 365

Important

The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

Applies to

Important

This article is intended for business customers who have Microsoft Defender for Office 365. If you are using Outlook.com, Microsoft 365 Family, or Microsoft 365 Personal, and you're looking for information about Safe Links or Safe Attachments in Outlook, see Advanced Outlook.com security for Microsoft 365 subscribers.

Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. Defender for Office 365 includes:

Interactive guide to Microsoft Defender for Office 365

In this interactive guide you'll learn how to safeguard your organization with Microsoft Defender for Office 365. You'll see how Defender for Office 365 can help you define protection policies, analyze threats to your organization, and respond to attacks.

Check out the interactive guide

Getting Started

If you're new to Microsoft Defender for Office 365 or learn best by doing, you may benefit from breaking initial Defender for Office 365 configuration into chunks, investigating, and viewing reports using this article as a reference. Here are logical early configuration chunks:

  • Configure everything with 'anti' in the name.
    • anti-malware
    • anti-phishing
    • anti-spam
  • Set up everything with 'safe' in the name.
    • Safe Links
    • Safe Attachments
  • Defend the workloads (ex. SharePoint Online, OneDrive, and Teams)
  • Protect with Zero-Hour auto purge

To learn by doing, click this link.
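A read-only way to check how far a tenant has come through the configuration chunks above. This is an added example, not code from the original article or from Microsoft. It assumes the ExchangeOnlineManagement module is installed and that the signed-in account can read these policies; the `Show-Policy` helper is hypothetical, and a property that the installed module version does not expose simply shows as blank.

```powershell
# Added example: report the state of each early configuration chunk.
# Nothing here changes tenant configuration; every call is a Get-* cmdlet.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

function Show-Policy {
    # Hypothetical helper: prints selected properties of every policy
    # returned by $Cmdlet, or says why nothing could be read.
    param(
        [string]   $Chunk,       # label for the report
        [string]   $Cmdlet,      # Exchange Online cmdlet to call
        [string[]] $Properties   # properties worth reviewing
    )
    "=== $Chunk ($Cmdlet) ==="
    if (-not (Get-Command $Cmdlet -ErrorAction SilentlyContinue)) {
        "  cmdlet not available in this session (plan or role does not include it)"
        return
    }
    $policies = & $Cmdlet
    if (-not $policies) {
        "  no policy returned"
        return
    }
    $policies |
        Select-Object (@('Name') + $Properties) |
        Format-Table -AutoSize |
        Out-String
}

# Everything with 'anti' in the name
Show-Policy 'Anti-malware'  'Get-MalwareFilterPolicy'       'EnableFileFilter','ZapEnabled'
Show-Policy 'Anti-phishing' 'Get-AntiPhishPolicy'           'Enabled','EnableSpoofIntelligence','EnableMailboxIntelligence'
Show-Policy 'Anti-spam'     'Get-HostedContentFilterPolicy' 'SpamZapEnabled','PhishZapEnabled'

# Everything with 'safe' in the name
Show-Policy 'Safe Links'       'Get-SafeLinksPolicy'      'EnableSafeLinksForEmail','EnableSafeLinksForTeams'
Show-Policy 'Safe Attachments' 'Get-SafeAttachmentPolicy' 'Enable','Action'

# Workloads: SharePoint Online, OneDrive, and Teams
Show-Policy 'Workloads' 'Get-AtpPolicyForO365' 'EnableATPForSPOTeamsODB'

Disconnect-ExchangeOnline -Confirm:$false
```

The Zero-Hour auto purge chunk is covered by the `ZapEnabled`, `SpamZapEnabled`, and `PhishZapEnabled` columns of the anti-malware and anti-spam rows.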

Note

Microsoft Defender for Office 365 comes in two different Plan types. You can tell that you have Plan 1 if you have 'Real-time Detections', and Plan 2 if you have Threat Explorer. The Plan you have influences the tools you will see, so be certain that you're aware of your Plan as you learn.

Microsoft Defender for Office 365 Plan 1 and Plan 2

The following table summarizes what's included in each plan.


Microsoft Defender for Office 365 Plan 1 | Microsoft Defender for Office 365 Plan 2
Configuration, protection, and detection capabilities: | Microsoft Defender for Office 365 Plan 1 capabilities --- plus --- Automation, investigation, remediation, and education capabilities:

  • Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, Microsoft 365 E5 Security, and Microsoft 365 E5.

  • Microsoft Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium.

  • Microsoft Defender for Office 365 Plan 1 and Microsoft Defender for Office 365 Plan 2 are each available as an add-on for certain subscriptions. To learn more, see Feature availability across Microsoft Defender for Office 365 plans.

  • The Safe Documents feature is only available to users with the Microsoft 365 E5 or Microsoft 365 E5 Security licenses (not included in Microsoft Defender for Office 365 plans).

  • If your current subscription does not include Microsoft Defender for Office 365, contact sales to start a trial, and see how Defender for Office 365 can work for your organization.

Configure Microsoft Defender for Office 365 policies

With Microsoft Defender for Office 365, your organization's security team can configure protection by defining policies in the Security & Compliance Center (go to https://protection.office.com > Threat management > Policy).

Learn more by watching this video.

Tip

For a quick list of policies to define, see Protect against threats.

Defender for Office 365 Policies

The policies that are defined for your organization determine the behavior and protection level for predefined threats. Policy options are extremely flexible. For example, your organization's security team can set fine-grained threat protection at the user, organization, recipient, and domain level. It is important to review your policies regularly because new threats and challenges emerge daily.

View Microsoft Defender for Office 365 reports

Microsoft Defender for Office 365 includes an advanced reporting dashboard to monitor your Defender for Office 365 performance. You can access it at Reports > Dashboard in the Security & Compliance Center.

Reports update in real-time, providing you with the latest insights. These reports also provide recommendations and alert you to imminent threats. Predefined reports include the following:

Use threat investigation and response capabilities

Microsoft Defender for Office 365 Plan 2 includes best-of-class threat investigation and response tools that enable your organization's security team to anticipate, understand, and prevent malicious attacks.

  • Threat trackers provide the latest intelligence on prevailing cybersecurity issues. For example, you can view information about the latest malware, and take countermeasures before it becomes an actual threat to your organization. Available trackers include Noteworthy trackers, Trending trackers, Tracked queries, and Saved queries.

  • Threat Explorer (or real-time detections) (also referred to as Explorer) is a real-time report that allows you to identify and analyze recent threats. You can configure Explorer to show data for custom periods.

  • Attack Simulator allows you to run realistic attack scenarios in your organization to identify vulnerabilities. Simulations of current types of attacks are available, including spear phishing credential harvest and attachment attacks, and password spray and brute force password attacks.

Save time with automated investigation and response

(NEW!) When you are investigating a potential cyberattack, time is of the essence. The sooner you can identify and mitigate threats, the better off your organization will be. Automated investigation and response (AIR) capabilities include a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually, such as from a view in Explorer. AIR can save your security operations team time and effort in mitigating threats effectively and efficiently. To learn more, see AIR in Office 365.

Permissions required to use Microsoft Defender for Office 365 features

To access Microsoft Defender for Office 365 features in the Security & Compliance Center, you must be assigned an appropriate role. The following table includes some examples:

Role or role group | Resources to learn more
Global administrator (this can be assigned in either Azure Active Directory or in the Security & Compliance Center) | About Microsoft 365 admin roles
Security Administrator (this can be assigned in either Azure Active Directory or the Security & Compliance Center) | Administrator role permissions in Azure Active Directory; Permissions in the Security & Compliance Center
Exchange Online Organization Management (this is assigned in Exchange Online) | Permissions in Exchange Online; Exchange Online PowerShell
Search and Purge (this is assigned only in the Security & Compliance Center) | Permissions in the Security & Compliance Center

For more information, see Permissions in the Security & Compliance Center.

Get Microsoft Defender for Office 365

Microsoft Defender for Office 365 is included in certain subscriptions, such as Microsoft 365 E5, Office 365 E5, Office 365 A5, and Microsoft 365 Business Premium. If your subscription does not include Defender for Office 365, you can purchase Defender for Office 365 Plan 1 or Defender for Office 365 Plan 2 as an add-on to certain subscriptions. To learn more, see the following resources:

New features in Microsoft Defender for Office 365

New features are added to Microsoft Defender for Office 365 continually. To learn more, see the following resources:

See also