With a subscription to Microsoft 365, you can get: The latest Office apps, like Word, Excel, PowerPoint, and Outlook. The ability to install on PCs, Macs, tablets, and phones. 1 TB of OneDrive cloud storage. Training: Learn how to quickly get started with Microsoft 365, share and collaborate, work in Microsoft Teams, work from anywhere, and try cool Microsoft 365 features. Office 365 and Microsoft 365 are governed by the Modern Lifecycle Policy, which requires customers to stay current as per the servicing and system requirements for the product or service. This includes using Microsoft 365 Apps on a Windows operating system that is currently in support.
-->Important
The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.
Applies to
Important
This article is intended for business customers who have Microsoft Defender for Office 365. If you are using Outlook.com, Microsoft 365 Family, or Microsoft 365 Personal, and you're looking for information about Safe Links or Safe Attachments in Outlook, see Advanced Outlook.com security for Microsoft 365 subscribers.
Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. Defender for Office 365 includes:
Threat protection policies: Define threat-protection policies to set the appropriate level of protection for your organization.
Reports: View real-time reports to monitor Defender for Office 365 performance in your organization.
Threat investigation and response capabilities: Use leading-edge tools to investigate, understand, simulate, and prevent threats.
Automated investigation and response capabilities: Save time and effort investigating and mitigating threats.
Interactive guide to Microsoft Defender for Office 365
In this interactive guide you'll learn how to safeguard your organization with Microsoft Defender for Office 365. You'll see how Defender for Office 365 can help you define protection policies, analyze threats to your organization, and respond to attacks.
Getting Started
If you're new to Microsoft Defender for Office 365 or learn best by doing, you may benefit from breaking initial Defender for Office 365 configuration into chunks, investigating, and viewing reports using this article as a reference. Here are logical early configuration chunks:
- Configure everything with 'anti' in the name.
- anti-malware
- anti-phishing
- anti-spam
- Set up everything with 'safe' in the name.
- Safe Links
- Safe Attachments
- Defend the workloads (ex. SharePoint Online, OneDrive, and Teams)
- Protect with Zero-Hour auto purge
To learn by doing, click this link.
Note
Microsoft Defender for Office 365 comes in two different Plan types. You can tell if you have Plan 1 if you have 'Real-time Detections', and Plan 2, if you have Threat Explorer. The Plan you have influences the tools you will see, so be certain that you're aware of your Plan as you learn.
Microsoft Defender for Office 365 Plan 1 and Plan 2
The following table summarizes what's included in each plan.
| Microsoft Defender for Office 365 Plan 1 | Microsoft Defender for Office 365 Plan 2 |
|---|---|
| Configuration, protection, and detection capabilities: | Microsoft Defender for Office 365 Plan 1 capabilities --- plus --- Automation, investigation, remediation, and education capabilities: |
Office 365 Login
Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, Microsoft 365 E5 Security, and Microsoft 365 E5.
Microsoft Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium.
Microsoft Defender for Office 365 Plan 1 and Microsoft Defender for Office 365 Plan 2 are each available as an add-on for certain subscriptions. To learn more, see Feature availability across Microsoft Defender for Office 365 plans.
The Safe Documents feature is only available to users with the Microsoft 365 E5 or Microsoft 365 E5 Security licenses (not included in Microsoft Defender for Office 365 plans).
If your current subscription does not include Microsoft Defender for Office 365, contact sales to start a trial, and see how Defender for Office 365 can work for your organization.
Configure Microsoft Defender for Office 365 policies
With Microsoft Defender for Office 365, your organization's security team can configure protection by defining policies in the Security & Compliance Center (Go to https://protection.office.com > Threat management > Policy.)
Learn more by watching this video.
Tip
For a quick list of policies to define, see Protect against threats.
Defender for Office 365 Policies
The policies that are defined for your organization determine the behavior and protection level for predefined threats. Policy options are extremely flexible. For example, your organization's security team can set fine-grained threat protection at the user, organization, recipient, and domain level. It is important to review your policies regularly because new threats and challenges emerge daily.
Safe Attachments: Provides zero-day protection to safeguard your messaging system, by checking email attachments for malicious content. It routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent. If no suspicious activity is found, the message is forwarded to the mailbox. To learn more, see Set up Safe Attachments policies.
Safe Links: Provides time-of-click verification of URLs, for example, in emails messages and Office files. Protection is ongoing and applies across your messaging and Office environment. Links are scanned for each click: safe links remain accessible and malicious links are dynamically blocked. To learn more, see Set up Safe Links policies.
Safe Attachments for SharePoint, OneDrive, and Microsoft Teams: Protects your organization when users collaborate and share files, by identifying and blocking malicious files in team sites and document libraries. To learn more, see Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams.
Anti-phishing protection in Defender for Office 365: Detects attempts to impersonate your users and internal or custom domains. It applies machine learning models and advanced impersonation-detection algorithms to avert phishing attacks. To learn more, see Configure anti-phishing policies in Microsoft Defender for Office 365.
View Microsoft Defender for Office 365 reports
Microsoft Defender for Office 365 includes an advanced reporting dashboard to monitor your Defender for Office 365 performance. You can access it at Reports > Dashboard in the Security & Compliance Center.
Reports update in real-time, providing you with the latest insights. These reports also provide recommendations and alert you to imminent threats. Predefined reports include the following:
... and several more.
Use threat investigation and response capabilities
Microsoft Defender for Office 365 Plan 2 includes best-of-class threat investigation and response tools that enable your organization's security team to anticipate, understand, and prevent malicious attacks.
Threat trackers provide the latest intelligence on prevailing cybersecurity issues. For example, you can view information about the latest malware, and take countermeasures before it becomes an actual threat to your organization. Available trackers include Noteworthy trackers, Trending trackers, Tracked queries, and Saved queries.
Threat Explorer (or real-time detections) (also referred to as Explorer) is a real-time report that allows you to identify and analyze recent threats. You can configure Explorer to show data for custom periods.
Attack Simulator allows you to run realistic attack scenarios in your organization to identify vulnerabilities. Simulations of current types of attacks are available, including spear phishing credential harvest and attachment attacks, and password spray and brute force password attacks.
Save time with automated investigation and response
(NEW!) When you are investigating a potential cyberattack, time is of the essence. The sooner you can identify and mitigate threats, the better off your organization will be. Automated investigation and response (AIR) capabilities include a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually, such as from a view in Explorer. AIR can save your security operations team time and effort in mitigating threats effectively and efficiently. To learn more, see AIR in Office 365.
Permissions required to use Microsoft Defender for Office 365 features
To access Microsoft Defender for Office 365 features in the Security & Compliance Center, you must be assigned an appropriate role. The following table includes some examples:
| Role or role group | Resources to learn more |
|---|---|
| global administrator (this can be assigned in either Azure Active Directory or in the Security & Compliance Center) | About Microsoft 365 admin roles |
| Security Administrator (this can be assigned in either Azure Active Directory or the Security & Compliance Center) | Administrator role permissions in Azure Active Directory |
| Exchange Online Organization Management (this is assigned in Exchange Online) | Permissions in Exchange Online |
| Search and Purge (this is assigned only in the Security & Compliance Center) | Permissions in the Security & Compliance Center |
For more information, see Permissions in the Security & Compliance Center.
Get Microsoft Defender for Office 365
Microsoft Defender for Office 365 is included in certain subscriptions, such as Microsoft 365 E5, Office 365 E5, Office 365 A5, and Microsoft 365 Business Premium. If your subscription does not include Defender for Office 365, you can purchase Defender for Office 365 Plan 1 or Defender for Office 365 Plan 2 as an add-on to certain subscriptions. To learn more, see the following resources:
Microsoft Defender for Office 365 availability for a list of subscriptions that include Defender for Office 365 plans.
Feature availability across Microsoft Defender for Office 365 plans for a list of features included in Plan 1 and 2.
Get the right Microsoft Defender for Office 365 to compare plans and purchase Defender for Office 365.
New features in Microsoft Defender for Office 365
New features are added to Microsoft Defender for Office 365 continually. To learn more, see the following resources:
Microsoft 365 Roadmap provides a list of new features in development and rolling out.
Microsoft Defender for Office 365 Service Description describes features and availability across Defender for Office 365 plans.
See also
Automated investigation and response (AIR) in Microsoft 365 Defender1
-->Important
Office 365 Subscription
- Support for Windows 7 ended on January 14, 2020. Learn more
- Microsoft 365 Apps is no longer supported on Windows 7.
- If you're a home user running Office on Windows 7, see Windows 7 end of support and Office instead of reading this article.
Office 365 and Microsoft 365 are governed by the Modern Lifecycle Policy, which requires customers to stay current as per the servicing and system requirements for the product or service. This includes using Microsoft 365 Apps on a Windows operating system that is currently in support.
Using Microsoft 365 Apps on older, unsupported operating systems may cause performance and reliability issues over time. Therefore, if your organization is using Microsoft 365 Apps on devices running Windows 7, we strongly recommend your organization moves those devices to Windows 10.
Security updates will continue for Microsoft 365 Apps on Windows 7
Even though Windows 7 is no longer supported, we've decided to continue to provide you with security updates for Microsoft 365 Apps for the next 3 years, until January 2023. We're doing this to give you additional time to make the transition from using Microsoft 365 Apps on devices running Windows 7 to devices running a supported operating system, such as Windows 10. But, during that time, as long as the device is still running Windows 7, your installation of Microsoft 365 Apps won't receive any new features updates.
Important
- Even with these security updates, Microsoft 365 Apps is no longer supported on Windows 7.
- This information applies even if you have purchased Extended Security Updates (ESU) for Windows 7. After January 2020, security updates for Windows 7 are only available with ESU. For more information, see FAQ about Extended Security Updates for Windows 7.
How to manage Microsoft 365 Apps on Windows 7 after January 2020
Version 2002 is the last version of Microsoft 365 Apps that you can install on devices running Windows 7. Version 2002 is available in Current Channel, Semi-Annual Enterprise Channel (Preview), and Semi-Annual Enterprise Channel.
This means that if you want to continue to deploy and update Microsoft 365 Apps on devices that are running Windows 7, you need to use Version 2002. If you try to install a newer version of Microsoft 365 Apps, such as Version 2005, on a device running Windows 7, you'll receive an error message.
Note
You can continue to use a version of Microsoft 365 Apps earlier than Version 2002 on devices running Windows 7 if that version is still available. For example, you can continue to use Version 1908 of Semi-Annual Enterprise Channel until March 2021. To see the version available in each update channel of Microsoft 365 Apps, refer to the table in Update history for Microsoft 365 Apps.
To deploy or update Version 2002 on devices running Windows 7, you can keep using the same management tools that you're currently using, such as the Office Deployment Tool or Microsoft Endpoint Configuration Manager. Also, Microsoft 365 Apps can remain on the same update channel as before.
If Microsoft 365 Apps is configured to get updates directly from the Office Content Delivery Network (CDN) on the internet, Microsoft 365 Apps on devices running Windows 7 will be updated automatically to the most current release of Version 2002 for that update channel.
Guidance when using Configuration Manager for updates
If you use Configuration Manager and the Software Update management workflow to update installations of Microsoft 365 Apps, we recommend that you create a separate collection for your Windows 7 devices. Then, use a query rule to add members to the collection.
On the 2nd Tuesday of each month, a new update package for Version 2002 that is only for devices running Windows 7 will be made available in the Microsoft Update Catalog. There will be an update package for each architecture (x86 or x64). That update package can be used with whichever update channel of Microsoft 365 Apps you have deployed. There won't be separate update packages of Version 2002 for each update channel. For example, the same update package can be used to update a Current Channel or a Semi-Annual Enterprise Channel installation of Microsoft 365 Apps on devices running Windows 7.
In the Office 365 Updates node, you'll see entries like the following, where ##### will be replaced by the most current build number:
- Microsoft 365 Apps Update for Windows 7 – Version 2002 for x64 based Edition (Build 12527.#####)
- Microsoft 365 Apps Update for Windows 7 – Version 2002 for x86 based Edition (Build 12527.#####)
These update packages are configured to apply only to devices running Windows 7. These update packages can't be used to update Microsoft 365 Apps on devices running other supported operating systems, such as Windows 10.
If you use an automatic deployment rule (ADR), you should create a new rule for these update packages. Then, use the new rule for your collection that contains your Windows 7 devices. We recommend using the 'Title' property and searching for 'Microsoft 365 Apps Update for Windows 7' as well as the architecture you support. If you support both x86 and x64, you can include both updates in one Software Update Package as clients will apply the appropriate update. You should also check other existing ADRs to make sure they don't incorrectly try to apply these update packages, which are only for devices running Windows 7, to devices running other operating systems.
Extended availability of Version 2002
Version 2002 will be available until January 2023 and will receive security updates, as needed, during that time. For a list of security updates included in releases of Version 2002, see Release notes for Microsoft 365 Apps Security Updates.
Versions of Semi-Annual Enterprise Channel are available usually for only 14 months, but we're making an exception for Version 2002 in order to align with the availability dates of Windows 7 ESU. This extended availability for Version 2002 also applies to other update channels, such as Current Channel and Semi-Annual Enterprise Channel (Preview).
The extended availability of Version 2002 until January 2023 applies only to devices running Windows 7.
After moving Microsoft 365 Apps to a supported Windows operating system
After you move Microsoft 365 Apps to a supported Windows operating system, you can configure Microsoft 365 Apps to begin receiving newer versions and feature updates again. Since updates for Microsoft 365 Apps are cumulative, you'll receive all the feature updates that you missed while your device was running Windows 7.
If you're getting updates directly from the Office CDN on the internet, after the device is moved to a supported operating system, Microsoft 365 Apps will be updated automatically to the most current version available for that update channel and will start receiving new features again.
What about other versions of Office on Windows 7?
Office 365 Outlook Login
Non-subscription versions of Office used by organizations, such as Office Professional Plus 2016 or Office Standard 2013, will continue to be supported based on the Fixed Lifecycle Policy. To see specific end of support dates for non-subscription versions of Office, go to Search Product and Services Lifecycle Information.
Office 365vmail
Even if your version of Office is still supported, Windows 7 will no longer receive security updates after January 2020, leaving it vulnerable to security threats, unless you have ESU. We recommend that you move to a supported operating system, such as Windows 10.
Additional information
Office 365 Download
- This information also applies to the following products:
- The subscription versions of the Project and Visio desktop apps. For example, if you have Project Plan 5 or Visio Plan 2.
- Microsoft 365 Apps for business (previously named Office 365 Business), which is the version of Office that comes with some Microsoft 365 business plans, such as Microsoft 365 Business Premium.
- For information about Windows Server 2008 R2, see Windows Server end of support and Microsoft 365 Apps.
- For end of support dates for different versions of Office on various versions of Windows, see the Office configuration support matrix.
- Other Microsoft resources are available to help you make the transition to using Microsoft 365 Apps on devices running Windows 10, including FastTrack and App Assure.
- To discuss or learn more about end of support for Office versions, visit Microsoft Office End of Support on the Microsoft Tech Community.
- If you're using Microsoft 365 Apps for enterprise on a device running Windows 7 or Windows Server 2008 R2, you'll continue to see Office 365 ProPlus under the Product Information section when you go to File > Account in an Office app, such as Word. If you're using Version 2002 of Microsoft 365 Apps for business, you'll see Microsoft 365 for business under the Product Information section.