Microsoft 365 Security with Microsoft Defender for Office 365: More Protection, Less Spam

Kris WilkinsonMay 10, 2024

Email remains a primary channel for cyberattacks, from phishing scams to malware-laden attachments. Microsoft 365’s built-in spam filtering provides a solid first line of defence, but some threats inevitably slip through. For organizations seeking more protection, Microsoft offers Microsoft Defender for Office 365 (previously known as ATP) to provide an additional layer of robust security.

In this article, we’ll dive deep into how Microsoft Defender strengthens your security posture, why it’s essential for organizations of all sizes, and how you can use it to safeguard not only your email communications but also other Microsoft 365 services like Microsoft Teams, SharePoint, and OneDrive.

What is Microsoft Defender for Office 365?

It’s important to remember that Microsoft Defender for Office 365 is an enhanced service that offers more security — it’s an extra (unless your Microsoft bundle already has it included). Microsoft Defender for Office 365 offers sophisticated detection methods that significantly reduce the risk of malicious content reaching your team. Its dynamic scoring, spoof intelligence, and customizable policies make it a powerful upgrade for organizations aiming to strengthen their overall security posture.

But Defender doesn’t stop at email security—it provides enhanced protection across multiple Microsoft 365 platforms like Microsoft Teams, SharePoint, and OneDrive, safeguarding your collaboration tools as well. By offering “Enhanced” spam filtering, anti-phishing, and collaboration protection, Microsoft Defender for 365 is a comprehensive security solution compared to the standard Microsoft 365 protection.

Here’s a quick comparison of what it offers versus the built-in spam protection:

Microsoft Defender for Office 365 comparison table.

Note: If you’re technical and would like more technical information on the enhanced spam filtering features described above, please see the end of this article.

Here are some of the most impactful enhancements:

  1. Stronger Spam Protection:

    • Uses machine learning algorithms and dynamic Spam Confidence Level (SCL) scoring to identify and filter spam emails with greater accuracy
    • Differentiates between legitimate bulk senders and potentially harmful or unwanted mass email campaigns
    • Detects attempts to spoof your domain or impersonate trusted senders
  2. Safe Links:
    • Scans and checks URLs in e-mail and other Microsoft Services to block access to malicious sites (e.g. a user clicks, they will be denied access if the site is harmful)
    • Provides time-of-click verification to block phishing attempts
  3. Safe Attachments:
    • Automatically scans attachments in a virtual environment to ensure they are safe
    • Blocks potentially harmful files from reaching your team
  4. Anti-Phishing:
    • Identifies and neutralizes sophisticated phishing campaigns
    • Offers spoof intelligence to detect and block impersonation attempts
  5. Enhanced Reporting:
    • Provides in-depth threat insights and trends
    • Offers actionable recommendations for improving your security posture

Do I need to purchase licensing?

If your organization uses Microsoft 365 Business Premium, you already have access to Microsoft Defender for Office 365 Plan 1. We enable this service for all clients with Business Premium licensing because of its extended security benefits.

If your current Microsoft licensing doesn’t include Plan 1 or 2, you can add them independently on top of your existing licensing. That said, we typically recommend businesses with less than 300 users leverage Microsoft 365 Business Premium licensing because it includes a bunch of important services like this. Plan 1 is a very reasonable upgrade that is suitable for most. Plan 2 makes sense for high-security environments.

Who Should Consider Microsoft Defender for Office 365?

Everyone. But, for the sake of being helpful:

  • Small and Medium-Sized Businesses (SMBs): Those handling sensitive client information or with limited IT security staff.
  • Enterprises: Organizations with a large attack surface need comprehensive protection and automated remediation.
  • Education and Nonprofits: Schools and nonprofits are often targeted due to lower security budgets.
  • Anyone Using Business Premium: Microsoft 365 Business Premium users have access to Defender features automatically, and it’s enabled for our clients to bolster security.

How to Enable Microsoft Defender for Office 365

The following instructions are high-level. We recommend consulting with your MSP or security partner before proceeding.

  1. Enable Defender Policies:
    • Log into the Microsoft 365 Defender portal at
    • Go to Email & Collaboration -> Policies & Rules -> Threat Policies
    • Configure Safe Links, Safe Attachments and Anti-Phishing policies
  2. Review Alerts and Incidents:
    • Navigate to “Incidents & Alerts” in the Defender portal.
    • Monitor and respond to suspicious activity.

For a comprehensive Microsoft Defender for Office 365 guide, visit Microsoft’s official service description. You’ll find in-depth details on each feature, comparisons, and configuration advice there.


Investing in Microsoft Defender for Office 365 is an excellent way to enhance your organization’s email security significantly. By proactively enhancing protection against phishing, malware, and impersonation attacks, it ensures that your team’s productivity isn’t disrupted by cyber threats. Make the most of this powerful tool and fortify your Microsoft 365 environment today!

If you would like help with this service, please reach out to us to discuss our Managed IT Services. We love protecting our clients.

Extra Info: Enhanced Spam Filtering Definitions (for you technical folks)

Microsoft Defender for 365 offers “Enhanced” spam filtering compared to the standard Microsoft 365 spam protection. Here’s a detailed look at the extended technical details:

  1. Advanced Heuristics:
    • Uses machine learning and advanced algorithms to identify unusual patterns in emails.
    • Detects common spam tactics like mass mailing and deceptive subject lines.
  2. Dynamic Spam Confidence Level (SCL):
    • Analyzes multiple layers of email metadata to assign a more accurate spam confidence level (SCL).
    • SCL scoring differentiates between varying spam levels, reducing false positives.
  3. Bulk Email Detection:
    • Distinguishes between legitimate bulk senders and potentially harmful or unwanted mass email campaigns.
    • Allows organizations to customize bulk email settings based on their preferences.
  4. Phishing Email Detection:
    • Identifies and filters phishing emails using advanced machine learning models.
    • Provides alerts and insights into detected phishing attempts.
  5. Spoof Intelligence:
    • Detects attempts to spoof your domain or impersonate trusted senders.
    • Provides actionable alerts and automatically quarantines suspicious emails.
  6. Customizable Spam Policies:
    • Enables admins to tailor spam filter settings for different user groups or departments.
    • Offers granular control over actions like quarantining, junk folder placement, or deleting emails.
  7. Expanded Quarantine Management:
    • Offers better control over quarantined emails, allowing admins to review, release, or block messages based on enhanced spam criteria.
  8. Anti-Spam Reporting:
    • Provides detailed reports on spam detection trends and suspicious senders.
    • Helps identify persistent spammers or recurring malicious campaigns.

Feel free to contact us if you want to learn more about how we can assist you or discuss our services further.