What is it?
Microsoft Defender for Office 365 offers a robust suite of features designed to protect organizational communication and collaboration from advanced threats. Key functionalities include Safe Attachments, which uses machine learning to detect and neutralize unknown malware in email attachments, and Safe Links, which provides time-of-click verification of URLs within emails and Office documents to guard against malicious links.
Additionally, the service offers Safe Documents, leveraging Microsoft Defender for Endpoint to scan documents opened in Protected View. It also includes features for anti-phishing, anti-spam, and protection against business email compromise. It extends beyond email to safeguard collaboration tools like Microsoft Teams, SharePoint, and OneDrive. For organizations, it provides detailed reporting, threat hunting, automated investigation, and response capabilities, ensuring a comprehensive defense against cyber threats
Licensing
| Defender for Office 365 365 Plan 1 | € 1.87 excl. BTW |
| Defender for Office 365 365 Plan 2 | € 4.09 excl. BTW |
- Defender for Office 365 365 Plan 1: Included in some Microsoft 365 subscriptions with Exchange Online mailboxes that cater to small to medium-sized businesses (for example, Microsoft 365 Business Premium).
- Defender for Office 365 365 Plan 2: Included in some Microsoft 365 subscriptions with Exchange Online mailboxes that cater to enterprise organizations (for example, Microsoft 365 E5, Microsoft 365 A5, and Microsoft 365 GCC G5).
Microsoft 365 Business Premium VS Microsoft Defender voor Office 365
| Feature | EOP | Defender for Office 365 Plan 1 | Defender for Office 365 Plan 2 | Microsoft 365 Business Premium |
| Prevent / Detect | ||||
| User and domain impersonation protection | X | X | X | |
| Mailbox intelligence impersonation protection | X | X | X | |
| Advanced phishing thresholds | X | X | X | |
| Safe Attachments in email | X | X | X | |
| Safe Attachments for files in SharePoint, OneDrive, and Microsoft Teams | X | X | X | |
| Safe Links in email, Office clients, and Teams | X | X | X | |
| Email & collaboration alerts | X | X | X | |
| SIEM integration API for alerts | X | X | X | |
| Attack simulation training | X | |||
| Investigate | ||||
| Real-time detections | X | X | X | |
| The Email entity page | X | X | X | |
| SIEM integration API for detections | X | X | X | |
| URL trace | X | X | X | |
| Defender for Office 365 reports | X | X | X | |
| Threat Explorer (Explorer) instead of Real-time detections. | X | |||
| Threat Trackers | X | |||
| Campaigns | X | |||
| Respond | ||||
| Automated Investigation and Response (AIR): – AIR from Threat Explorer – AIR for compromised users | X | |||
| SIEM Integration API for Automated Investigations | X |
Indeed, you’re on the right track! The key differences between Plan 1 (P1) and Plan 2 (P2) lie in the addition of advanced security features in P2. Specifically around threat investigation and remediation. P2 provides more granular control to identify suspicious activities, investigate threats effectively, and respond quickly and accurately1. While P1 offers an optimal and economical solution. P2 is suitable for organizations with extensive security requirements or those dealing with sensitive data.