14 February 2017

How does Microsoft Defender secure email in Office 365?

Written by David Guest

Email is a prime target for cyber attackers looking to gain access to your organisation.

It’s no surprise. Email is so critical to day-to-day business.

With increasingly sophisticated malware campaigns being launched daily and data breaches constantly on the rise, how can you be sure your email environment isn’t exposed? With Defender for Office 365, Microsoft answers your call.

What is Microsoft Defender for Office 365?

You may or may not be aware, but Microsoft is now a giant in the security industry, posting over $10bn in revenue in 2020 attributed to security products, including Microsoft Defender.

This uniquely strong position gives Microsoft access to a huge array of telemetry data (actually 8 trillion security signals per day!) that can be analysed in order to spot threats and alert its clients. In 2020 alone, Microsoft blocked over 30bn email threats.

Microsoft Defender for Office 365 forms a key part of this holistic security suite, helping protect an organisation and employees from advanced, targeted and zero-day phishing, malware and business email compromise attacks.

Microsoft Defender for Office 365 is an enhancement to the standard email filtering and security that comes with Office 365. It gives much greater protection against malicious attacks and the latest threats that can be delivered via email, links (URLs) or collaboration tools. Its features include:

  • Customisable threat protection policies
  • Real-time performance reporting and monitoring
  • Threat investigation and response capabilities
  • Cutting-edge automated threat response functionality

Identifying malware and unsafe attachments

Most businesses will use their mailboxes as a way to allow employees, and sometimes external parties, to share files with each other as attachments. It’s crucial to the effective and efficient running of an organisation that employees can access and use email services freely and easily; but, with malware being as common and sophisticated as it is these days, mailboxes also exist as potential surfaces for a malicious cyber attack.

Microsoft Defender for Office 365 helps resolve this problem by means of a feature called Safe Attachments, which opens any document attached to an email in a cordoned-off virtual environment, in which it then analyses the file for suspicious properties. If deemed unsafe or malicious, attached files are moved out of your inbox and into a ‘detonation chamber’.

This means it takes the suspicious attachment and places it in a virtual environment that’s extremely sensitive to any change detected within it. Here, it executes the attachment safely and without risk, and monitors exactly what it does once executed.

You might be wondering – how does Defender for O365 know if an attachment is malicious? Well, there are certain common behaviours that pieces of malware are likely to exhibit in pursuit of access to your organisation. This might be establishing a command-and-control communication channel through which to harvest and store desired information, or creating persistence on a user’s machine; there is a range of expected suspicious activities, and Microsoft Defender is wise to them all.

If anything about a file sent to your mailbox is detected as malicious, the attachment isn’t presented to the user. You’re left with a clean inbox, and options for further responsive action.

Scanning and detonating malicious URLs

In addition to attached files, Defender for O365 also monitors links or URLs that are included in or attached to an email, using a component called Safe Links. Expanding on the content-scanning capabilities of Online Protection, Safe Links protects your email environment with immediate effect when links are clicked on by users.

While the content to which the monitored link directs is being scanned, the URL under scrutiny is rewritten so that it goes through Office 365. The URLs are examined in real time, at the exact time a user clicks them, meaning no time or productivity has to be lost in order to ensure protection. If a link is deemed to be unsafe within Microsoft Defender, the user receives a warning not to visit the site, or a notification that the site has been blocked.

This feature also offers extensive reporting capability, meaning you can easily and comprehensively understand what’s happening in your organisation and who’s been receiving malware. You’re given full visibility. It’s an incredibly powerful feature, and one we can expect to continue evolving and adapting on an almost weekly basis.
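
When triaging mail or proxy logs, the rewriting described above has to be reversed to see where a link really points. The following Python is an added example, not from the original article or from Microsoft; it assumes rewritten links use a host under safelinks.protection.outlook.com and carry the original destination in a `url` query parameter, and the sample message body is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: rewritten links sit on a *.safelinks.protection.outlook.com host
# and keep the original destination in the "url" query parameter.
SAFELINKS_HOST = re.compile(r"(^|\.)safelinks\.protection\.outlook\.com$")
URL_IN_TEXT = re.compile(r"https?://[^\s<>\"']+")

def unwrap_safelink(link):
    """Return the original destination of a rewritten link, else None."""
    try:
        parts = urlsplit(link)
        host = parts.hostname  # lower-cased by urlsplit
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    # Anchored match so look-alike hosts (suffix appended) are not trusted.
    if not SAFELINKS_HOST.search(host):
        return None
    values = parse_qs(parts.query).get("url")  # parse_qs percent-decodes
    if not values:
        return None
    original = values[0]
    if urlsplit(original).scheme not in ("http", "https"):
        return None
    return original

def audit_body(body):
    """List every link in a message body with its real destination."""
    report = []
    for link in URL_IN_TEXT.findall(body):
        link = link.rstrip(".,);")  # drop trailing sentence punctuation
        dest = unwrap_safelink(link)
        report.append({"link": link,
                       "rewritten": dest is not None,
                       "destination": dest or link})
    return report

# Constructed sample body: one rewritten link and one that was not rewritten.
SAMPLE_BODY = (
    "Invoice: https://eur01.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Fexample.com%2Finvoice%3Fid%3D42&data=04%7C01&reserved=0 "
    "and a bare link http://example.org/login."
)
```

Links reported with `rewritten` set to false are the ones worth a second look, since they reach the user without the click-time check.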

Rich reporting and critical insights

So, what happens with the security findings Defender for Office 365 makes when it’s performing all these checks and scans? In order to give admins visibility into each potentially dangerous click within the company, the details that Defender uncovers are aggregated into rich reports.

This means you’ll have critical insights into who within your organisation is being maliciously targeted, as well as the category of the attacks you’re up against. Messages that get blocked and individual malicious links contained within them are all traceable once detonated for safety, meaning that – as well as protecting your email environment for you in the immediate instance – Defender for Office 365 also arms you with the information needed to carry out your own responses thereafter.


Today’s malware-laden climate might very well present you with a daunting prospect: whether you shut your mailbox down or open it up to a breach, you risk a disastrous stop to productivity and, potentially, further damaging losses beyond that. The easiest way to ensure this doesn’t happen to your organisation? Microsoft Defender for Office 365.

Harness the power to properly safeguard your mailbox, or risk falling victim to malicious activity beyond your control.

Next, watch our Threat Protection Tools webinar on-demand to discover how the three Microsoft Defender technologies work together to keep your organisation safe.

Or download ‘The business case for cyber security’ e-Guide for best practice on how to take a proactive and pre-emptive approach to tackling the issue.


About David Guest

Solution Architect and Technology Evangelist

As ThirdSpace’s Solution Architect and Technology Evangelist (yes, he knows it’s a long title), Dave has a background in IT that goes back to installing a piece of kit called a Microsoft Softcard in...

