
6 Reasons to use Defender for Office 365

Defender for Office 365 is an excellent Advanced Threat Protection solution. It introduces a raft of additional security features that offer threat prevention and protection for inbound and outbound mail delivery. Overall, Defender for Office 365 protects your Exchange Online service from malicious content in emails, links, and other collaboration tools. In this article we highlight 6 reasons to use it.

Safe Attachments

Safe Attachments protects against malicious files in email attachments. This also includes files stored in Teams, OneDrive, and SharePoint. Safe Attachments will detonate potentially unsafe files in a sandbox environment to simulate the opening of the file in a production environment. If malicious behaviour is found, then the service will quarantine the file. Otherwise, mail will find its way to the recipient with the attachment in tow.

This protection mechanism automates attachment opening in a safe environment, acting as a barrier in front of your end-users and providing an extra layer of message and file security in your organisation’s arsenal.

Safe Links

Safe Links behaves as an intermediary between clicking a link or URL and arriving at the intended web page. In doing so, Microsoft scans and tests the URLs to determine whether they relate to malicious websites used in phishing attacks. If the website is deemed unsafe, Safe Links will prevent the end-user from browsing to the destination, protecting against potential credential theft.

Anti-phishing

Anti-phishing policies intelligently detect potential phishing and impersonation attempts. This mechanism captures emails that arrive from a malicious sender but appear to be sent by a known and trusted individual, often someone within the organisation. This is a common vector that utilises social engineering to establish trust, despite the malicious intentions.


These policies identify when an email has originated outside of the organisation and impersonates the trusted user, and then prevent the delivery. These policies also protect against malicious senders that may be spoofing your own organisation’s email domain to cloak a potentially dangerous payload.

Anti-spam

This is the baseline spam protection in the Microsoft 365 Defender for Office 365 stack. The policies defined in Anti-spam apply to all targeted email and calculate the likelihood that the message is spam. There are many metrics that we can configure in an anti-spam policy to automatically raise the spam score, and we can also explicitly block known malicious senders or allow known false positives.

Anti-malware

Microsoft releases consistent updates to ensure that your devices have the latest technology to protect against new malware and attack techniques. Email with detected malware will be quarantined for review by an administrator. Notifications can be provided to a designated address to raise awareness of a quarantined item. File types matching known executable and scripting suffixes can also be blocked as standard.

Anti-malware policies stop the delivery of known file attachment types via email. This is a rudimentary but effective defence mechanism against emails which contain attachments with malicious executable code. We use these policies to block file types that are known vectors of nefarious code that introduces viruses and worms, reducing the risk posed to your endpoints and team members.

SPF, DKIM & DMARC

Although these methods are not strictly part of Defender for Office 365, they are worth a mention, especially when attempting to protect your domain from bad actors. These techniques authorise and authenticate which email platforms and services can send email on behalf of your domain.

  • SPF (Sender Policy Framework). This acts in a similar way to a guest list. In this record, you specify which email services can email on behalf of your domain. If a recipient server receives an email from your domain but from a server that isn’t in your SPF record, then the recipient’s spam configuration should either quarantine (Soft Fail) or quarantine/reject (Hard Fail) the item.
  • DKIM (DomainKeys Identified Mail). This adds authentication to any outbound email that you send from your email platforms. This could be Microsoft 365 or Google Workspace, or marketing platforms like Mailchimp or HubSpot. This effectively puts a stamp on email sent from your systems to tell the recipient server that your email is genuine.
  • DMARC (Domain-based Message Authentication, Reporting & Conformance). Simply put, this enacts a policy that combines both SPF and DKIM. It instructs a recipient mail server what to do if a message fails either an SPF or DKIM lookup. With DMARC enabled, a mail platform will need to conform to both SPF and DKIM before an outbound email is treated as genuine.

These aren’t necessarily technologies which protect your organisation directly. Instead, they protect the business and clients that you deal with. They do this by ensuring that emails sent from your domain by your systems are treated as genuine communications, while putting preventative measures in place against any bad actors attempting to impersonate your organisation.
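The SPF and DMARC settings described above can be checked against what a domain actually publishes. The following Python is an added example, not part of the original article or of any Microsoft tooling; the TXT records are constructed samples for the placeholder domain example.com, and the function names are hypothetical.

```python
# Added example. The TXT records are constructed samples for the placeholder
# domain example.com; in practice they would come from a DNS lookup.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:spf.protection.outlook.com ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"],
}
SPF_QUALIFIERS = {"-": "hard fail", "~": "soft fail", "?": "neutral", "+": "pass"}

def audit_spf(txt_records):
    """Return (SPF result for unlisted senders, findings) for a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return None, [f"expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("-~?+") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return None, ["policy delegated with redirect=; audit the target record"]
        return "neutral", ["no 'all' mechanism: unlisted senders get a neutral result"]
    term = all_terms[0]  # mechanisms are evaluated left to right; 'all' always matches
    result = SPF_QUALIFIERS.get(term[0], "pass")  # no qualifier means '+'
    findings = []
    if result in ("pass", "neutral"):
        findings.append(f"'{term}' does not fail mail from unlisted servers")
    return result, findings

def audit_dmarc(txt_records):
    """Return (requested policy, findings) for the TXT records at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return None, [f"expected exactly one DMARC record, found {len(dmarc)}"]
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower() or None
    findings = []
    if policy not in ("quarantine", "reject"):
        findings.append(f"policy is {policy or 'missing'}: receivers are not asked to quarantine or reject")
    if "rua" not in tags:
        findings.append("no rua tag, so no aggregate reports are requested")
    return policy, findings

def audit_domain(domain, txt=SAMPLE_TXT):
    spf_result, spf_findings = audit_spf(txt.get(domain, []))
    policy, dmarc_findings = audit_dmarc(txt.get("_dmarc." + domain, []))
    return {"spf_all": spf_result, "dmarc_policy": policy, "findings": spf_findings + dmarc_findings}
```

For the sample records, `audit_domain("example.com")` reports a soft-fail SPF record and a DMARC policy of `none`, with one finding for the unenforced DMARC policy.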

How Cambridge Support Can Help Your Business

Over the years we have been in business we have helped hundreds of businesses stay protected and compliant online. Our personal approach in everything we do causes us to ensure the level of service you receive is above what you would expect. We only promise what we can deliver and then deliver it. This has been how our Managing Partners Phil Mashinchi and Alex Foster operate. Our team are experts in their field and will be happy to answer any of your questions pertaining to Defender for Office 365. Contact us today or email directly at ask@cambridgesupport.com