Microsoft did not have the best reputation for built-in security in its earlier days. Fortunately, the company has made huge strides and significantly improved how Windows and its other products are protected. One example of this is Microsoft Defender for Office 365. While many business users may not be familiar with this name (it is a rebranding of Office 365 Advanced Threat Protection), this software is vital for a business's cybersecurity. The following are a few key facts to know.

1. Microsoft Defender for Office 365 Is the Security Solution for Office Users

First and foremost, Office users should know what Defender for Office 365 is. Many people may confuse it with Windows Security (previously known as Microsoft Defender Antivirus or Windows Defender). However, this is a separate product focused solely on security for Office 365 and its cloud-based solutions.

O365 Defender security solutions primarily focus on enterprise email accounts and help to defend against attacks and remediate any attacks that occur. There are different tiers of this security software to help with the budgetary and feature needs of different organizations.

In general, using cloud-based solutions such as Office 365 significantly increase security compared to on-premises environments, especially for customers without dedicated security teams. However, those security benefits only apply when the solutions are configured correctly. Thus, Microsoft is working to ensure that customers have better configurations by default.

If you'd like to find out more about bringing cloudficiency to your project, reach out to us.

2. Microsoft Is Rolling Out Built-In Protection To Apply Default Security

In November 2021, Microsoft announced that it was rolling out a feature called Built-In Protection. This automatically enables recommended settings and policies to help maximize security. One of the critical security challenges faced by Microsoft is that many customers don’t know how to set up appropriate security configurations. While consumers are often happy to just leave the defaults, many commercial customers weaken security by implementing their own settings.

The goal of Microsoft Web Protection is to maximize security for commercial customers without interrupting the user experience. Microsoft has determined that many security features remain unimplemented by customers due to oversight rather than affirmative choice. By rolling out these new defaults, the Office 365 security team hopes to significantly improve the security experience of many commercial customers.

The rollout schedule for Built-In Protection began in November, with multi-tenant customers receiving the update first. Microsoft announced that the rollout would continue through the end of 2021, reaching general availability during December.

3. There Are Different Levels of Security Offered by Microsoft Defender for Office 365

Depending on the subscription chosen, teams have access to different security tools. These are the three tiers:

• Exchange Online Protection: This is the basic level of protection. It focuses on preventing major, known threats via email. Every subscription with Exchange Online mailboxes has at least EOP security available. However, many organizations may need additional protection.
• Microsoft Defender for Office 365 Plan 1: This enhanced version of Office 365 security extends EOP by adding more proactive security solutions. Plan 1 helps defend against zero-day threats with rapid detection technologies.
• Microsoft Defender for Office 365 Plan 2: The final level of security adds investigation and response solutions. It is intended for organizations that need to have a well-defined threat response process. Plan 2 even offers automation and simulation solutions.

4. Despite the Rollout, Teams Will Have the Option To Skip the New Defaults

The Built-In Protection rollout is intended to improve general Office 365 security by improving the default security settings and requiring at least those defaults for most customers. It will also protect customers in new domains added to a tenant. However, organizations can make exceptions to the new security for specific users and groups. This will enable teams with special requirements that may conflict with those settings to avoid any interruptions.

While some users may protest against implementing new defaults and automatic changes to their configurations, this is likely a positive change that nearly all should opt into. Nonetheless, it is likely a relief to some that there are exception options.

To learn about O365 Mobile Device Management License visit, O365CloudExperts.