Office 365 Security overview


This article introduces you to your new security properties in the Cloud. Whether you're part of a Security Operations Center, you're a Security Administrator new to the space, or you want a refresher, let's get started.

Warning

If you're using Outlook.com, Microsoft 365 Family, or Microsoft 365 Personal, and need Safe Links or Safe Attachments info, click this link: Advanced Outlook.com security for Microsoft 365 subscribers.

Office 365 security spelled out

Every Office 365 subscription comes with security capabilities. The goals and actions that you can take depend on the focus of these different subscriptions. In Office 365 security, there are three main security services (or products) tied to your subscription type:

  1. Exchange Online Protection (EOP)
  2. Microsoft Defender for Office 365 Plan 1 (Defender for Office P1)
  3. Microsoft Defender for Office 365 Plan 2 (Defender for Office P2)

Note

If you bought your subscription and need to roll out security features right now, skip to the steps in the Protect Against Threats article. If you're new to your subscription and would like to know your license before you begin, browse Billing > Your Products in the Microsoft 365 admin center.

Office 365 security builds on the core protections offered by EOP. EOP is present in any subscription where Exchange Online mailboxes can be found (remember, all the security products discussed here are Cloud-based).

You may be accustomed to seeing these three components discussed in this way:

EOP: Prevents broad, volume-based, known attacks.
Microsoft Defender for Office 365 P1: Protects email and collaboration from zero-day malware, phish, and business email compromise.
Microsoft Defender for Office 365 P2: Adds post-breach investigation, hunting, and response, as well as automation, and simulation (for training).

But in terms of architecture, let's start by thinking of each piece as cumulative layers of security, each with a security emphasis. More like this:

[Figure: EOP and Microsoft Defender for Office 365 and how they relate to one another, with each service's emphasis, including a note on email authentication.]

Though each of these services emphasizes a goal from among Protect, Detect, Investigate, and Respond, all the services can carry out any of the goals of protecting, detecting, investigating, and responding.

The core of Office 365 security is EOP protection. Microsoft Defender for Office 365 P1 contains EOP in it. Defender for Office 365 P2 contains P1 and EOP. The structure is cumulative. That's why, when configuring this product, you should start with EOP and work up to Defender for Office 365.

Though email authentication configuration takes place in public DNS, it's important to configure this feature to help defend against spoofing. If you have EOP, you should configure email authentication.
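As an added example that is not from the original article, the following Python assesses a domain's SPF and DMARC TXT records for the permissive settings that leave a domain open to spoofing. The records are constructed sample strings rather than live DNS lookups, and the include of spf.protection.outlook.com is the one assumed for an EOP-protected domain.

```python
# Added example, not from the original article: assess the SPF and DMARC TXT
# records that EOP's spoof protection depends on (constructed samples, no DNS).
import re

def parse_spf(txt):
    """Return (all_qualifier, includes) from an SPF TXT record, or None if not SPF."""
    if not txt.startswith("v=spf1"):
        return None
    qualifier, includes = None, []
    for term in txt.split()[1:]:
        if re.fullmatch(r"[+\-~?]?all", term):
            qualifier = term[0] if term[0] in "+-~?" else "+"  # bare "all" means "+all"
        elif term.startswith("include:"):
            includes.append(term[len("include:"):])
    return qualifier, includes

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if not DMARC."""
    tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
    return tags if tags.get("v") == "DMARC1" else None

def assess_email_auth(spf_txt, dmarc_txt):
    """Return a list of findings; an empty list means no weak setting was found."""
    findings = []
    spf = parse_spf(spf_txt)
    if spf is None:
        findings.append("SPF: no v=spf1 record")
    else:
        qualifier, includes = spf
        if qualifier in (None, "+", "?"):
            findings.append("SPF: 'all' missing or permissive; use -all or ~all")
        if "spf.protection.outlook.com" not in includes:  # assumed EOP include
            findings.append("SPF: Exchange Online include missing")
    dmarc = parse_dmarc(dmarc_txt)
    if dmarc is None:
        findings.append("DMARC: no v=DMARC1 record")
    else:
        if dmarc.get("p", "none") == "none":
            findings.append("DMARC: p=none only monitors; move to quarantine or reject")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua= address, so no aggregate reports")
    return findings

# Constructed sample records for a hypothetical tenant domain.
WEAK_SPF = "v=spf1 include:spf.protection.outlook.com ?all"
STRONG_SPF = "v=spf1 include:spf.protection.outlook.com -all"
WEAK_DMARC = "v=DMARC1; p=none"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
```

Feed the function the TXT values your resolver returns for the domain and its _dmarc subdomain; an empty result means the records match the hardened samples above.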

If you have Office 365 E3, or below, you have EOP, but with the option to buy standalone Defender for Office 365 P1 through upgrade. If you have Office 365 E5, you already have Defender for Office 365 P2.

Tip

If your subscription is neither Office 365 E3 nor E5, you can still check to see if you have the option to upgrade to Microsoft Defender for Office 365 P1. If you're interested, this webpage lists subscriptions eligible for the Microsoft Defender for Office 365 P1 upgrade (check the end of the page for the fine print).

The Office 365 security ladder from EOP to Microsoft Defender for Office 365

[Figure: EOP and Microsoft Defender for Office 365 and their security emphasis, from Protect and Detect through Investigate and Respond.]

Important

Learn the details on these pages: Exchange Online Protection, and Defender for Office 365.

What makes adding Microsoft Defender for Office 365 plans an advantage over pure EOP threat management can be difficult to tell at first glance. To help sort out whether an upgrade path is right for your organization, let's look at the capabilities of each product when it comes to:

  • preventing and detecting threats
  • investigating
  • responding

Starting with Exchange Online Protection:

Prevent/Detect | Investigate | Respond
Technologies include:
  • spam
  • phish
  • malware
  • bulk mail
  • spoof intelligence
  • impersonation detection
  • Admin Quarantine
  • Admin and user submissions of False Positives and False Negatives
  • Allow/Block for URLs and Files
  • Reports
  • Audit log search
  • Message Trace
  • Zero-hour Auto-Purge (ZAP)
  • Refinement and testing of Allow and Block lists

If you want to dig in to EOP, jump to this article.

Because these products are cumulative, if you evaluate Microsoft Defender for Office 365 P1 and decide to subscribe to it, you'll add these abilities.

Gains with Defender for Office 365, Plan 1 (to date):

Prevent/Detect | Investigate | Respond
Technologies include everything in EOP plus:
  • Safe Attachments
  • Safe Links
  • Microsoft Defender for Office 365 protection for workloads (ex. SharePoint Online, Teams, OneDrive for Business)
  • Time-of-click protection in email, Office clients, and Teams
  • anti-phishing in Defender for Office 365
  • User and domain impersonation protection
  • Alerts, and SIEM integration API for alerts
  • SIEM integration API for detections
  • Real-time detections tool
  • URL trace
  • Same

So, Microsoft Defender for Office 365 P1 expands on the prevention side of the house, and adds extra forms of detection.

Microsoft Defender for Office 365 P1 also adds Real-time detections for investigations. This threat hunting tool's name is in bold because having it is a clear means of knowing you have Defender for Office 365 P1. It doesn't appear in Defender for Office 365 P2.

Gains with Defender for Office 365, Plan 2 (to date):

Prevent/Detect | Investigate | Respond
Technologies include everything in EOP, and Microsoft Defender for Office 365 P1, plus:
  • Same
  • Threat Explorer
  • Threat Trackers
  • Campaign views
  • Automated Investigation and Response (AIR)
  • AIR from Threat Explorer
  • AIR for compromised users
  • SIEM Integration API for Automated Investigations

So, Microsoft Defender for Office 365 P2 expands on the investigation and response side of the house, and adds a new hunting strength: automation.

In Microsoft Defender for Office 365 P2, the primary hunting tool is called Threat Explorer rather than Real-time detections. If you see Threat Explorer when you navigate to the Security center, you're in Microsoft Defender for Office 365 P2.

To get into the details of Microsoft Defender for Office 365 P1 and P2, jump to this article.

Tip

EOP and Microsoft Defender for Office 365 are also different when it comes to end users. In EOP and Defender for Office 365 P1, the focus is awareness, and so those two services include the Report Message Outlook add-in so users can report emails they find suspicious, for further analysis.

In Defender for Office 365 P2 (which contains everything in EOP and P1), the focus shifts to further training for end users, and so the Security Operations Center has access to a powerful Threat Simulator tool, and the end-user metrics it provides.

Microsoft Defender for Office 365 Plan 1 vs. Plan 2 cheat sheet

This quick reference will help you understand what capabilities come with each Microsoft Defender for Office 365 subscription. When combined with your knowledge of EOP features, it can help business decision makers determine which Microsoft Defender for Office 365 plan is best for their needs.

Defender for Office 365 Plan 1: Configuration, protection, and detection capabilities:

Defender for Office 365 Plan 2: Defender for Office 365 Plan 1 capabilities --- plus --- Automation, investigation, remediation, and education capabilities:

• Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5.

• Microsoft Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium.

• Microsoft Defender for Office 365 Plan 1 and Defender for Office 365 Plan 2 are each available as an add-on for certain subscriptions. To learn more, here's another link: Feature availability across Microsoft Defender for Office 365 plans.

• The Safe Documents feature is only available to users with Microsoft 365 E5 or Microsoft 365 E5 Security licenses (it is not included in Microsoft Defender for Office 365 plans).

• If your current subscription doesn't include Microsoft Defender for Office 365 and you want it, contact sales to start a trial, and find out how Microsoft Defender for Office 365 can work in your organization.

Tip

Insider tip. You can use the docs.microsoft.com table of contents to learn about EOP and Microsoft Defender for Office 365. Navigate back to this page, Office 365 Security overview, and you'll notice the table of contents organization in the sidebar. It begins with Deployment (including migration) and then continues into prevention, detection, investigation, and response.

This structure is divided so that Security Administration topics are followed by Security Operations topics. If you're a new member of either job role, use the link in this tip, and your knowledge of the table of contents, to help learn the space. Remember to use feedback links and rate articles as you go. Feedback helps us improve what we offer you.

Where to go next

If you're a Security Admin, you may need to configure DKIM or DMARC for your mail. You may want to roll out 'Strict' security presets for your priority users, or look for what's new in the product. Or if you're with Security Ops, you may want to leverage Real-time detections or Threat Explorer to investigate and respond, or train end-user detection with Attack Simulator. Either way, here are some additional recommendations for what to look at next.

Email Authentication, including SPF, DKIM, and DMARC (with links to setup of all three)

See the specific recommended 'golden' configs and use their recommended presets to configure security policies quickly

Catch up on what's new in Microsoft Defender for Office 365 (including EOP developments)

Use Threat Explorer or Real-time detections

Use Attack Simulator in Microsoft Defender for Office 365