What is the difference between Plan 1 and Plan 2?

Plan 1 includes safe attachments, safe links, and anti-phishing for real-time protection. Plan 2 adds threat trackers, automated investigation, attack simulation training, and advanced hunting.

Is Defender for Office 365 included in Microsoft 365?

Plan 1 is included in Microsoft 365 Business Premium. Plan 2 is included in Microsoft 365 E5. Both can be added to other plans as standalone licenses.

What is the difference between Plan 1 and Plan 2?

Plan 1 includes Safe Attachments, Safe Links, and anti-phishing protection. Plan 2 adds Threat Explorer, automated investigation and response, attack simulation training, and campaign views. Plan 2 is included in Microsoft 365 E5.

Does Defender for Office 365 work with non-Microsoft email?

Defender for Office 365 is designed for Exchange Online mailboxes. For organizations using Gmail or other email providers, you would need a third-party email security solution or migrate to Microsoft 365.

How does Safe Attachments work?

When an email with an attachment arrives, Safe Attachments opens the file in a virtual sandbox environment and observes its behavior. If the attachment tries to execute malicious actions, it is blocked. This process typically adds only seconds to delivery time.

Back to Software Store

Microsoft

Microsoft Defender for Office 365

Name: Microsoft Defender for Office 365
Brand: Microsoft

Advanced email and collaboration security

Talk to Sales

Authorized Partner

Expert Deployment

Dedicated Support

Key Features

Safe Attachments

Detonates suspicious attachments in a sandbox before delivery to protect against zero-day malware

Safe Links

Time-of-click URL scanning protects against malicious links in emails and documents

Anti-Phishing AI

Machine learning models detect impersonation and business email compromise attempts

Attack Simulation

Train users with realistic phishing simulations and track improvement over time

Attack Simulation Training

Train users to recognize phishing attacks with realistic simulations. Track who clicks, measure improvement over time, and deliver targeted training to high-risk users.

Threat Explorer

Investigate email-based threats with powerful search and visualization tools. Hunt for malicious emails, understand attack campaigns, and remediate threats across mailboxes.

Trusted by Thousands

4.5

720 reviews

300M+ mailboxes

customers worldwide

Trusted by leading organizations

Enterprise customers worldwide

Available Plans

Compare Plans

Office 365 Plan 1

Safe attachments, safe links, and anti-phishing for email and Teams.

Watch Demo

Office 365 Plan 2

Advanced email protection with threat trackers, investigation, and attack simulation.

Watch Demo

Get Your Price

Tell us what you need and we'll send you a custom quote within 1 business day.

Why Get Microsoft Defender for Office 365 Through Inventive HQ?

Authorized Partner

We work with leading vendors to provide genuine, fully licensed software solutions.

Expert Deployment

Our team helps configure and deploy solutions tailored to your needs.

Ongoing Support

Dedicated account management and technical support when you need it.

Volume Licensing

Flexible licensing options tailored to your organization's size and needs.

“Inventive HQ made our software procurement painless. They handled deployment, licensing, and training — we were up and running in days, not weeks.”

James Mitchell

IT Director, Mid-Market Financial Services

Ideal For

Phishing Protection

Block sophisticated phishing attacks that evade traditional email security. AI-powered detection identifies impersonation, credential harvesting, and social engineering attempts.

Safe Attachments

Protect users from malicious attachments by detonating files in a sandbox before delivery. Block zero-day malware that signature-based solutions miss.

Safe Links

Protect users from malicious URLs in emails and Office documents. Time-of-click verification blocks access to newly weaponized links even after delivery.

Security Awareness Training

Reduce human risk with simulated phishing campaigns and targeted training. Build a security-conscious culture that resists social engineering attacks.

About Microsoft Defender for Office 365

Learn how Microsoft Defender for Office 365 from Microsoft can help transform your business operations.

Microsoft Defender for Office 365 protects organizations against advanced threats targeting email, documents, and collaboration tools within the Microsoft 365 environment. Available in Plan 1 and Plan 2 tiers, it layers AI-powered detection, detonation-based analysis, and post-delivery protections on top of Exchange Online Protection to stop phishing, business email compromise, malware, and zero-day threats.

Plan 1 provides Safe Attachments, which detonates email attachments and linked files in isolated sandbox environments to detect malicious behavior before delivery; Safe Links, which rewrites and checks URLs at time-of-click to block access to newly weaponized sites; and anti-phishing policies powered by machine learning that detect impersonation attempts targeting specific users, domains, or brands. These protections extend beyond email to SharePoint, OneDrive, and Teams, securing the collaboration surface where files and links are routinely shared.

Plan 2 builds on Plan 1 with Threat Trackers that give security teams real-time visibility into trending threat campaigns and their impact on the organization. Threat Explorer provides a detailed investigation interface for searching, filtering, and analyzing email threats across the tenant—including post-delivery actions like soft deletes or zero-hour auto purge (ZAP) remediation. Automated Investigation and Response (AIR) playbooks automatically investigate suspicious emails, determine scope, and recommend or execute remediation actions.

Plan 2 also includes Attack Simulation Training, which allows organizations to run realistic phishing simulations against their own users, measure susceptibility, and assign targeted training to improve security awareness. Integration with the broader Microsoft 365 Defender suite correlates email-based signals with endpoint, identity, and cloud application telemetry, providing unified incident views and cross-domain automated response across the full attack chain.

Frequently Asked Questions

Ready to Get Started with Microsoft Defender for Office 365?

Let our experts help you deploy and configure Microsoft Defender for Office 365 for your organization. Get expert guidance and dedicated support.

Have Questions? Talk to Us