09 March 2021

Microsoft Defender for Office 365 vs Mimecast – evaluate and migrate

Written by Paul Rouse

Email protection tools are a critical weapon in your security armoury. Evaluate the unique features of Microsoft Defender for Office 365 vs Mimecast and other vendors.

Email is the primary attack vector for most cyber attacks. As a result, deploying a comprehensive, best-in-breed email protection solution remains one of the very first (and most critical) security investments organisations make.

Considering its importance, it’s vital you have the best tools for the job – but changing email protection solutions can seem like a really big deal.

I can understand the reluctance to change:

  • With so many solutions offering seemingly similar capabilities, don’t all vendors offer pretty much the same thing?
  • Migrations to alternate solutions feel too risky, all-encompassing and insurmountable.
  • And lastly, there’s no easy way to ‘try before you buy’ when considering a switch.

This blog will dispel the most common questions and challenges I typically see when it comes to choosing a new email protection tool.

I’ll outline the key advantages of Microsoft Defender for Office 365 compared with Mimecast (and other vendors). I’ll also show you a new method to test and evaluate a potential switch, and explain how to migrate in a way that causes minimal disruption to your organisation.

Microsoft Defender for Office 365 vs Mimecast

At a high level, Mimecast’s Secure Email Gateway and Microsoft Defender for Office 365 may seem similar. Both offer the protection features you would expect: Anti-phishing, Anti-malware, Anti-spam, URL and attachment protection and so forth.

It’s only when you look beyond the headline features that you begin to realise the additional capability and value Defender for Office 365 delivers over its competitors.

There are some unique threat protection advantages that shouldn’t be ignored when it comes to integration between Office 365 and Microsoft Defender.

For example, there are no additional infrastructure components or connectors to configure, protection for URLs within Word, Excel and PowerPoint is natively integrated into the application, and protection of internal mail requires no additional complex journaling to achieve.

These are capabilities no third-party vendor can provide currently.

Here’s a useful list of Defender for Office 365 key features and advantages you don’t get with Mimecast (or other email protection tools):

Email protection features unique to Defender for Office 365

  • Native time-of-click URL protection integration in Word, Excel, PowerPoint and Office Online.
  • Native hover-over experience shows original URLs for wrapped links.
  • Native URL protection for internal email, on all licences (with no journaling set-up or product add-ons).
  • Enhanced spoof protection beyond DMARC checks.
  • Malware protection for files in SharePoint, OneDrive and Microsoft Teams.
  • Compromise detection and response, based on anomalous patterns and Office 365 activities.
  • Powerful and feature-rich Attack Simulator with integrated training modules.
  • Built-in Best Practice Configuration Analyzer.

Microsoft cross-platform integration advantages

  • Integrated admin portals between endpoint, identity and application protection tools.
  • Native alert correlation and incident creation across endpoint, identity, email and application.
  • One-click integration with Azure Sentinel Cloud SIEM.
  • No additional infrastructure components or deployments required (assuming you already have M365).

Whilst these features are impressive, they are not the only advantages. To understand the greater value provided by Defender for Office 365 it’s vital to look beyond email protection in isolation and understand the part it plays in the wider Microsoft 365 Defender platform.

Holistic security advantages

With the current threat landscape necessitating a shift in thinking toward a “Zero Trust” mindset and “assume breach” security posture, ThirdSpace is increasingly seeing organisations coming up against the limitations and integration challenges posed by security strategies with multi-vendor point solutions.

With Microsoft Defender for Office 365, not only do you have a cutting-edge standalone solution, but you also have a key component of Microsoft 365 Defender, the unified pre- and post-breach enterprise defence suite from Microsoft.

With the complete Microsoft 365 Defender suite, your organisation can natively coordinate detection, prevention, investigation, and response across all endpoints, identities, email, and applications – providing integrated protection against sophisticated attacks all from within a single common interface.

By analysing and correlating signals across endpoints, email, applications and identity, Microsoft 365 Defender automatically creates incidents based on multi-platform signals, automating the manual “joining the dots” type activities that consume valuable analyst time in poorly integrated multi-vendor environments.

This cross-product integration facilitates huge increases in response and remediation capability, as well as the operational efficiency of your security teams. As the integration is native to the platform, configuration requires little effort to allow you to realise an almost immediate return on investment.

Leverage threat intelligence on a never-before-seen scale

Up until a few years ago, this was perhaps a more difficult case to argue. The initial feature set offered by Office 365 Advanced Threat Protection (as it was named at the time) struggled to compete against the established and dominant vendors (such as Mimecast) in the email protection space.

This situation has changed dramatically over the last few years. Microsoft has annually invested over $1 billion in security R&D and continued to leverage its unique market position, scale and native integration capabilities.

When we talk about scale the numbers are truly astronomical, with over 470 billion emails analysed per month and 8 trillion threat signals a day. In 2019, Microsoft protected more mailboxes with Defender for Office 365 than ALL of their competitors combined (and more than three times that of their nearest competitor).

This volume and scale allows Microsoft to have an unparalleled view of global email traffic, which they then leverage using their advanced machine learning (ML) and artificial intelligence (AI) models to provide industry-leading protection to their clients.

[Figure: Visual representation of Defender for Office 365's success versus competitors. Source: Microsoft Defender for Office 365 Datasheet]

The constant innovation and enhancement across all Microsoft security products shows no signs of slowing, and with a team of over 3,500 cyber security engineers, this capability already exceeds the total revenue and headcount of many of their competitors. So, Microsoft has the scale and innovation but how does that translate to protection?

Want to know more about Defender for Office 365? Grab another cuppa and visit my additional blog for a detailed read on my top 5 features of Microsoft Defender for Office 365.

Defender for Office 365 Demo


See Defender for Office 365 in action. Covering key features and functions, we'll show you:

  • Custom policy creation and reporting dashboards
  • Cutting-edge investigation and response capabilities
  • How to improve protection, trial, and migrate to Defender

How can I evaluate email security tools before I switch?

Historically, accurate evaluation of email protection solutions has been difficult to perform – for a test to be truly effective there is no substitute for real email traffic from real senders sent to real recipients.

As organisations are understandably reluctant to risk changing their email routing and protection platform to support an evaluation, vendors have resorted to using journaling or PST ingestion-based evaluations.

Evaluations of this nature bypass key indicators and detection components of mail protection solutions and provide an inaccurate picture of capability. This often leads to an organisation’s evaluation experience and production deployment experience being significantly different.

To facilitate an accurate evaluation based on real email data, Microsoft has recently released “Evaluation Mode” into Public Preview – a new 30-day evaluation capability for Microsoft Defender for Office 365.

This unique capability doesn’t require any MX record configuration changes to email routing, yet still allows Microsoft Defender for Office 365 to accurately filter email by preserving IP address and sender information, which are ordinarily lost when email passes through an upstream email security solution such as Mimecast.

Once configured, Evaluation Mode provides administrators with reports highlighting messages that would have been blocked if Microsoft Defender for Office 365 policies were implemented. As no action will be taken on email analysed by Defender for Office 365 in evaluation mode, there is no risk of end-user impact.

It’s a nifty little tool that’s well worth a look.
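The point above about IP address and sender information being lost behind an upstream gateway can be seen in a message's Received headers. This is an added example, not code from the original post and not Microsoft's or Mimecast's implementation; the gateway range, sender range, domains and message are constructed, and the sender-range check is a simplified stand-in for a real SPF lookup.

```python
import email
import ipaddress
import re

# Constructed sample: documentation IP ranges and example domains only.
GATEWAY_NETS = [ipaddress.ip_network("203.0.113.0/24")]      # upstream gateway (assumed)
SENDER_SPF_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # stand-in for sender's SPF

RAW = """\
Received: from gw1.gateway.example (gw1.gateway.example [203.0.113.10])
 by mx.recipient.example with ESMTPS; Tue, 09 Mar 2021 10:00:05 +0000
Received: from mail.sender.example (mail.sender.example [198.51.100.25])
 by gw1.gateway.example with ESMTPS; Tue, 09 Mar 2021 10:00:03 +0000
Received: from laptop (laptop.sender.example [10.0.0.5])
 by mail.sender.example with ESMTPSA; Tue, 09 Mar 2021 10:00:01 +0000
From: Alice <alice@sender.example>
To: bob@recipient.example
Subject: Constructed sample

Hello
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def hop_ips(msg):
    """Client IP recorded by each Received header, newest first (None if unparsable)."""
    hops = []
    for header in msg.get_all("Received", []):
        m = IP_RE.search(header)
        try:
            hops.append(ipaddress.ip_address(m.group(1)) if m else None)
        except ValueError:
            hops.append(None)
    return hops


def in_any(ip, nets):
    return ip is not None and any(ip in net for net in nets)


def original_source_ip(msg, trusted=GATEWAY_NETS):
    """Walk back through trusted gateway hops; stop at the first external IP.
    Fails closed on an unparsable hop: older headers are sender-controlled."""
    for ip in hop_ips(msg):
        if ip is None or not in_any(ip, trusted):
            return ip
    return None


MSG = email.message_from_string(RAW)
SEEN_ON_WIRE = hop_ips(MSG)[0]        # the gateway: all the mailbox platform sees
RECOVERED = original_source_ip(MSG)   # the sender's real outbound server
```

Checked against the sender's authorised range, the gateway address fails while the recovered address passes, which is why a filter that only sees the last hop misjudges sender authentication.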

How to migrate from Mimecast to Microsoft Defender for Office 365

At ThirdSpace, we have a tried and tested, collaborative approach to Microsoft Defender for Office 365 migrations. Typically, the process of migration would involve an organisation and all key stakeholders working through a phased approach.

Here’s a very high-level outline of the phases and typical activities involved in a migration.


Discovery:

Review of existing email security configuration (Mimecast or other). Establish your protection challenges and goals. Identify VIP/Sensitive users and set up a test or pilot group.

Design and build:

Document your solution design to meet the requirements set out in the discovery stage. Communicate and review your plan with key stakeholders. Build and configure.

Test and pilot:

Implement protection policies to specified test users. Test, learn and adjust. Pilot the solution and commence communication to end users. Post-pilot review including learnings and adjustments.


Go-live:

Adjust policies and scope to include all users. Change MX records and provide go-live support and escalation to your IT and security teams. Complete a post go-live review and adjust policies where required, based on user feedback. Continual ongoing review of top targeted users, user submissions, campaign views and false positives to drive policy improvements.

To reiterate, this is just a high-level view of a phased approach; each stage has a lot more detail and multiple parts to consider.

Speak to ThirdSpace to understand more about how we can help you migrate.


The Microsoft Defender for Office 365 (and wider security offering) has come on leaps and bounds in the last two years to a point where it can truly offer you the ‘best-in-breed’ product for email protection, whilst still integrating perfectly into a holistic cloud-native security strategy.

If you’re interested in trialling Microsoft Defender for Office 365 then speak to us. We have experience in migrating protection of many thousands of client mailboxes from Mimecast (and other email protection solutions) to Defender for Office 365 and we understand that migration to a new platform can be a daunting prospect.

Engaging ThirdSpace to assist your organisation with a Mimecast migration reduces your risk and ensures your Microsoft Defender for Office 365 implementation provides the highest levels of protection and ROI.

Key takeaways

  • Microsoft Defender for Office 365 is the best-in-breed for email protection.
  • Defender for Office 365 integrates with the wider Microsoft Defender suite for seamless protection.
  • Easily evaluate Defender for Office 365 vs your existing email protection solution with no charge and no obligation.
  • An experienced Microsoft security partner can make your migration a doddle.

About Paul Rouse

EMS Consultant

Paul is a Microsoft certified consultant with extensive experience of high-level solution design and implementation using industry-leading technology from major vendors. Paul's 19 years of IT...

