Email protection tools are a critical weapon in your security armoury. Evaluate the unique features of Microsoft Defender for Office 365 vs Mimecast and other vendors.
Email is the primary attack vector for most cyber attacks. As a result, deploying a comprehensive, best-in-breed email protection solution remains one of the very first (and most critical) security investments organisations make.
Considering its importance, it’s vital you have the best tools for the job – but changing email protection solutions can seem like a really big deal.
I can understand the reluctance to change:
This blog will dispel the most common questions and challenges I typically see when it comes to choosing a new email protection tool.
I’ll outline the key advantages of Microsoft Defender for Office 365 compared with Mimecast (and other vendors). I’ll also show you a new method to test and evaluate a potential switch, and explain how to migrate in a way that causes minimal disruption to your organisation.
At a high level, Mimecast’s Secure Email Gateway and Microsoft Defender for Office 365 may seem similar. Both offer the protection features you would expect: anti-phishing, anti-malware, anti-spam, URL and attachment protection, and so forth.
It’s only when you look beyond the headline features that you begin to realise the additional capability and value Defender for Office 365 delivers over its competitors.
There are some unique threat protection advantages that shouldn’t be ignored when it comes to integration between Office 365 and Microsoft Defender.
For example, there are no additional infrastructure components or connectors to configure, protection for URLs within Word, Excel and PowerPoint is natively integrated into the applications, and protection of internal mail requires no additional complex journaling to achieve.
These are capabilities no third-party vendor can currently provide.
Here’s a useful list of Defender for Office 365 key features and advantages you don’t get with Mimecast (or other email protection tools):
Whilst these features are impressive, they are not the only advantages. To understand the greater value provided by Defender for Office 365 it’s vital to look beyond email protection in isolation and understand the part it plays in the wider Microsoft 365 Defender platform.
With the current threat landscape necessitating a shift in thinking toward a “Zero Trust” mindset and “assume breach” security posture, ThirdSpace is increasingly seeing organisations coming up against the limitations and integration challenges posed by security strategies with multi-vendor point solutions.
With Microsoft Defender for Office 365, not only do you have a cutting-edge standalone solution, but you also have a key component of Microsoft 365 Defender, the unified pre- and post-breach enterprise defence suite from Microsoft.
With the complete Microsoft 365 Defender suite, your organisation can natively coordinate detection, prevention, investigation, and response across all endpoints, identities, email, and applications – providing integrated protection against sophisticated attacks all from within a single common interface.
By analysing and correlating signals across endpoints, email, applications and identity, Microsoft 365 Defender automatically creates incidents based on multi-platform signals, automating the manual “joining the dots” activities that consume valuable analyst time in poorly integrated multi-vendor environments.
This cross-product integration facilitates huge increases in response and remediation capability, as well as the operational efficiency of your security teams. As the integration is native to the platform, configuration requires little effort to allow you to realise an almost immediate return on investment.
Up until a few years ago, this was perhaps a more difficult case to argue. The initial feature set offered by Office 365 Advanced Threat Protection (as it was named at the time) struggled to compete against the established and dominant vendors (such as Mimecast) in the email protection space.
This situation has changed dramatically over the last few years. Microsoft has annually invested over $1 billion in security R&D and continued to leverage its unique market position, scale and native integration capabilities.
When we talk about scale the numbers are truly astronomical, with over 470 billion emails analysed per month and 8 trillion threat signals a day. In 2019, Microsoft protected more mailboxes with Defender for Office 365 than ALL of their competitors combined (and more than three times that of their nearest competitor).
This volume and scale allows Microsoft to have an unparalleled view of global email traffic, which they then leverage using their advanced machine learning (ML) and artificial intelligence (AI) models to provide industry-leading protection to their clients.
(Source: Microsoft Defender for Office 365 Datasheet)
The constant innovation and enhancement across all Microsoft security products shows no signs of slowing, and with a team of over 3,500 cyber security engineers, this capability already exceeds the total revenue and headcount of many of their competitors. So, Microsoft has the scale and innovation, but how does that translate to protection?
Want to know more about Defender for Office 365? Grab another cuppa and visit my additional blog for a detailed read on my top 5 features of Microsoft Defender for Office 365.
Historically, accurate evaluation of email protection solutions has been difficult to perform – for a test to be truly effective there is no substitute for real email traffic from real senders sent to real recipients.
As organisations are understandably reluctant to risk changing their email routing and protection platform to support an evaluation, vendors have resorted to using journaling or PST ingestion-based evaluations.
Evaluations of this nature bypass key indicators and detection components of mail protection solutions and provide an inaccurate picture of capability which often leads to an organisation’s evaluation and production deployment experience being significantly different.
To facilitate an accurate evaluation based on real email data, Microsoft has recently released “Evaluation Mode” into Public Preview: a new 30-day evaluation capability for Microsoft Defender for Office 365.
This unique capability doesn’t require any MX record configuration changes to email routing, yet still allows Microsoft Defender for Office 365 to accurately filter email by preserving IP address and sender information, which are ordinarily lost when email passes through an upstream email security solution such as Mimecast.
Once configured, Evaluation Mode provides administrators with reports highlighting messages that would have been blocked if Microsoft Defender for Office 365 policies were implemented. As no action will be taken on email analysed by Defender for Office 365 in evaluation mode, there is no risk of end-user impact.
It’s a nifty little tool that’s well worth a look.
At ThirdSpace, we have a tried and tested, collaborative approach to Microsoft Defender for Office 365 migrations. Typically, the process of migration would involve an organisation and all key stakeholders working through a phased approach.
Here’s a very high-level outline of the phases and typical activities involved in a migration.
Review of existing email security configuration (Mimecast or other). Establish your protection challenges and goals. Identify VIP/Sensitive users and set up a test or pilot group.
Document your solution design to meet the requirements set out in the discovery stage. Communicate and review your plan with key stakeholders. Build and configure.
Implement protection policies to specified test users. Test, learn and adjust. Pilot the solution and commence communication to end users. Post-pilot review including learnings and adjustments.
Adjust policies and scope to include all users. Change MX records and provide go-live support and escalation to your IT and security teams. Complete a post go-live review and adjust policies where required, based on user feedback. Continual ongoing review of top targeted users, user submissions, campaign views and false positives to drive policy improvements.
To reiterate, this is just a high-level view of a phased approach; each stage has a lot more detail and multiple parts to consider.
Speak to ThirdSpace to understand more about how we can help you migrate.
Microsoft Defender for Office 365 (and the wider security offering) has come on in leaps and bounds in the last two years, to a point where it can truly offer you the ‘best-in-breed’ product for email protection, whilst still integrating perfectly into a holistic cloud-native security strategy.
If you’re interested in trialling Microsoft Defender for Office 365 then speak to us. We have experience in migrating protection of many thousands of client mailboxes from Mimecast (and other email protection solutions) to Defender for Office 365 and we understand that migration to a new platform can be a daunting prospect.
Engaging ThirdSpace to assist your organisation with a Mimecast migration reduces your risk and ensures your Microsoft Defender for Office 365 implementation provides the highest levels of protection and ROI.
Paul is a Microsoft certified consultant with extensive experience of high-level solution design and implementation using industry-leading technology from major vendors. Paul's 19 years of IT...