Microsoft 365 Defender: How to Use Microsoft 365 Defender 

Each day, it becomes easier to be present or work anywhere and everywhere, thanks to cloud technology. But threats also advance to reach wherever we are.
Microsoft 365 Defender: How to Use Microsoft 365 Defender 

Each day, it becomes easier to be present or work anywhere and everywhere, thanks to cloud technology and innovation. But threats also advance and want to reach wherever we are.

You need online security to protect yourself and ensure your company data are cyber-secure. One key online security solution is Microsoft Defender for Office 365, formerly Office 365 Advanced Threat Protection (ATP). 

This article outlines what Microsoft Office 365 Defender is and how it can protect your business.

What Is Microsoft 365 Defender?

What Is Microsoft 365 Defender?

Microsoft 365 Defender is a cloud-based enterprise cybersecurity suite offered by Microsoft. The suite is designed to protect Microsoft 365 by offering unified threat protection and detection across email, endpoints, and applications to provide n against sophisticated attacks. 

Generally, Defender for Microsoft 365 is a unified pre- and post-breach enterprise cyber security defense suite that aims to provide integrated threat protection against malware and sophisticated attacks. It coordinates threat prevention,  detection, investigation, and response natively across endpoints, email, identities, links (URLs), applications, and collaboration tools.

Microsoft 365 Defender protection

Microsoft 365 Defender services protect:

Endpoints with Defender for Endpoint

Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.

Assets with Defender Vulnerability Management

Microsoft Defender Vulnerability Management delivers continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization.

Email and collaboration with Defender for Office 365

Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.

Identities with Defender for Identity and Azure Active Directory (Azure AD) Identity Protection 

Defender for Identity uses your on-premises Active Directory Domain Services (AD DS) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure AD Identity Protection automates the detection and remediation of identity-based risks in your cloud-based Azure AD.

Applications with Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

Microsoft 365 Defender Licensing requirements

You can get  Microsoft 365 Defender features from any of these licenses via Microsoft 365 Defender portal at no additional cost:

  • Microsoft 365 EF or A5
  • Microsoft 365 E3 with Microsoft 365 E5 Security add-on
  • Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on
  • Microsoft 365 A3 with the Microsoft 365 Security add-on
  • Windows 10/11 Enterprise E5 or A5
  • Enterprise Mobility + Security (EMS) E5 or A5
  • Office 365 E5 or A5
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender for Office 365 (Plan2)
  • How Does Microsoft 365 Defender Work?

Microsoft 365 Defender targets malicious threats through email and other Microsoft 365 apps. 

You connect the security service to a Microsoft database via Microsoft 365 portal, which analyzes your enterprise's endpoints and correspondence and then evaluates the likelihood of potential malware in a text, file, or link being a potential malware.

Microsoft 365 Defender has 3 primary security services/products in every subscription type:

  • Exchange Online Protection (EOP). This prevents broad, volume-based, known attacks.
  • Microsoft Defender for Office 365 (Defender for Office 365 Plan 1 (P1), which protects email and enterprise collaboration tools (like Teams) from viruses, phishing, zero-day malware, and email compromise.
  • Microsoft Defender for Office 365 or Defender for Office 365 Plan 2 ( P2) adds more services in addition to what's in EOP and Plan 1. The additional products are post-breach investigation, response, malware hunting, protection automation, and simulation.

To keep you protected, Microsoft 365 Defender has 3 key services/products includes:

Microsoft Defender for Endpoint

Enterprise endpoint security platform helping enterprise networks detect, prevent, investigate, and respond to advanced threats. 

Threat protection policies

Threat protection sets the appropriate threat protection level for your organization.

Threat investigation and response capabilities: Leading-edge tools help investigate, simulate, understand, and prevent threats.


Real-time reports monitoring Defender for Microsoft 365's performance in your organization.

Automated threat investigation

Automate threat investigation and response capabilities to save time and effort and mitigate them early.

Microsoft 365  Defender shows the exact attack location through these capabilities, such as defense evasion, persistence, or lateral movement. You can then see the issue's severity and level and act accordingly.  

Microsoft 365 Defender process involves an emphasis goal that looks like this:

Protect > Detect > Investigate > Respond 

All the Microsoft 365 plans (EOP, MDO P1, or MDO P2) can conduct these goals: security breach investigating, protecting, detecting, and responding. But each plan has a core goal:

  • Microsoft 365 security — EOP protection.
  • Microsoft 365 Defender P1 — EOP and detection.
  • Microsoft 365 Defender P2 — EOP and P1.

The structure of Microsoft Defender 365 protection is cumulative. So, during product configuration, it's essential to start with EOP and then move to Defender for Microsoft 365 P1 and P2.

EOP security is in Microsoft 365 E3 or below, and it comes with an option to upgrade to the standalone Defender for Office 365 P1. 

Also, Microsoft 365 E5 comes with Defender for Microsoft 365 P2, which includes MDO P1 and EOP.

How to Turn On Microsoft 365 Defender?

Microsoft Defender 365 automatically turns on when eligible customers with the requisite permissions visit its service portal. However, you may wish to turn the service on manually. 

Here are the steps:

  1. Check your plan's license eligibility > confirm required permissions. Access to any Microsoft 365 security product gives you a guaranteed usage of Defender for Microsoft 365 without any additional licensing cost.
  2. Check your role. You can't turn on Defender for Office 365 without being signed one of the different roles:
    • Security Administrator
    • Global Administrator
    • Security Operator
    • Security Reader
    • Global Reader
    • Compliance Administrator
    • Compliance Data Administrator
    • Application Administrator
    • Cloud Application Administrator
  3. Once you've checked your role, you can use it (with the password) to log into the  Defender for Microsoft 365 service portal (admin center).
  4. From the service portal, you can enable Microsoft 365 Defender for any email or Microsoft 365 service.
  5. On the left pane, check the list of items located in the service portal and click "Show all."
  6. Under the admin center, click security. This brings you protection to Microsoft 365 with other navigators.
  7. You'll then go through some settings (instructions provided on the dialogue boxes) and then confirm if your Microsoft Defender 365 service is on. 
  8. If support services are not enabled, stay on the left pane then:
    • Go to Search> Audit Log Search. If prompted, click Turn on auditing to enable the audit log search.
    • Go back to the left pane and click on Threat Management > Policy. 
    • You will see different service provisions that you can configure and deploy for your organization, such as phishing, safe links, attachment, spam, malware, etc.
    • To enable protection, click on any of the policies, for example, the ATP attachments, and depending on your role, you can enable protection and more. 
  9. If you're a global admin, for instance, at the center of the ATP attachments, click on Global settings, and on the right pane, you'll turn on the Toggle to turn on ATP for SharePoint, OneDrive, and Teams > then click Save.

That's just it. You can do the same for other service policies on your subscription. 

What Is The Cost of Microsoft Office Defender?

Microsoft 365 Defender has an indirect pricing scheme. It charges most services per user in hours or per month. Microsoft also included the princes in the Microsoft 365 plans.

The Microsoft Defender for Cloud is a free service for the first 30 days. After that, its charged as per the pricing scheme below:

  • Microsoft Defender for Servers Plan 1: $0.007/Server/hour
  • Microsoft Defender for Servers Plan 2: $0.02/Server/hour (Included data - 500 MB/day)
  • Microsoft Defender for Containers: $0.0095/vCore/hour
  • Microsoft 365 Defender P1 standalone: $3/user/month (or Microsoft 365 E3 plan) costs $32 per user per month.
  • Microsoft 365 Defender P2 version standalone: $5.00/user/month (Alternatively, it's included in the Microsoft 365 E5 enterprise plan for $57/user/month).

You can access Microsoft 365 Defender even if you don't have a Microsoft 365 subscription.

Is Windows Defender Good Enough?

Microsoft's Windows Defender, as currently offered, isn't good enough. Although it comes closer to competing with third-party security suites, it still lacks essential features that a great security suite should provide.

It ranks detection rates of top antimalware competitors in malware detection, takes longer to scan, causes more PC slowdown, and severely lacks security features compared to top antivirus and security suites. 

So, using Windows Defender as a standalone security suite will still leave you vulnerable to advanced threats. You can combine it with premium internet security suits like the Microsoft Defender for Office 365. 


Overall, ensure that your business is cyber-secure. If you have Microsoft 365, enable Microsoft Defender 365. Windows Defender is good antivirus software, but you cannot depend on it alone for cloud protection.

We're glad you’ve read the article up to here :) Thank you

Please share it with your friends or colleagues if you have an extra second. Someone else may also benefit from it. 

Also, subscribe to your newsletter below and receive our articles directly in your email. We also share product updates, coupons, and offers, and you will be lucky to be among the first to receive them.

Keep Learning  

» How Do I Reinstall Windows From the Cloud?
» Why Secure Your Emails with Encryption in Office 365
» Microsoft 365 Data Loss Prevention: Guide to Data Protection and Compliance
» Why You Should Block Microsoft Legacy Authentication
» Mobile Device Management (MDM) for Microsoft 365: Ultimate Guide
» How to Keep Your Data Safe When Using Microsoft Office 365