sdecoret -


Sizing up the Office 365 protection options

Get serious about protecting your organization from ransomware and phishing attacks by taking a closer look at the leading Office 365 security offerings.

When a cyberattack takes down a company that serves thousands, if not millions, of customers, the damage can take a financial toll, as well as dent the company's reputation.

In April, a ransomware attack hit The Weather Channel, taking down several systems and causing a short outage. When the company confirmed the high-profile incident on Twitter, it was another in a long line of reminders to administrators that no company is immune to cyberattacks. A move from on-premises Exchange to the Microsoft cloud should include a closer examination of all the Office 365 protection offerings to prevent a security breach.

While there were few details on the methods used to infiltrate the company's systems, these types of attacks typically originate from an attachment or link in an email. Often, a link in an email is more successful for the attacker since it can evade most common endpoint protection systems that rely on virus signatures to detect viruses and ransomware. Attackers use email more frequently by tricking unsuspecting users to click on links by masking the sender's identity through spoofing. To thwart these attacks, administrators of Exchange Online and Office 365 should constantly evaluate ways to improve their email protections.

To help keep phishing emails and viruses from making it to the mailboxes of the end users, Office 365 administrators have a number of options, even when they use Exchange Online, which Microsoft manages on the back end. There are a number of comprehensive tools that can integrate with the Office 365 email service for additional protection against suspicious content that targets employees. Here is a short list of some of the more popular products Exchange administrators should consider to expand security coverage on the hosted email platform.


Better known for its networking business, Cisco has invested significantly in recent years in its products designed to protect infrastructure and services, including those based in Office 365. Some of the company's offerings have additional complimentary services, such as web filtering and identity management, that can help Exchange administrators increase their cybersecurity defenses.

To help keep phishing emails and viruses from making it to the mailboxes of the end users, Office 365 administrators have a number of options, even when they use Exchange Online, which Microsoft manages on the back end.


  • ability to combine Office 365 email protections with web filtering and multifactor authentication for stronger protections covering multiple fronts;
  • web filtering to boost end-user protections by blocking suspicious content or malicious IP addresses;
  • an end-user reporting mechanism within Outlook to flag emails that may have passed through the system and are considered spam or malicious; and
  • a strong reputation in the marketplace and trusted by many in the IT field.


  • Cisco Email Security Premium bundle for one year: $21.99 per user.


Symantec continues to reinvent itself and expand its security products and services. The company delivers cybersecurity protection on multiple fronts, starting with server side and endpoint protection and moving to hosted email protection.

Symantec also takes a unique approach to its virus and threat protection by adding AI into some of its products to boost its ability to detect and block attacks that other products miss.


  • the use of behavioral analytics and AI to identify malicious and abnormal activities within Office 365 apps, such as email, OneDrive, SharePoint, Teams and Yammer;
  • user access controls to help block suspicious users and alert IT; and
  • detection and protection against ransomware infections in Office 365.


  • Symantec Protect for email protection: $3.95 per user/month.
  • Symantec Safeguard for email protection with image control and policy-based encryption: $7.95 per user/month.


Given that Microsoft is the hosting provider and owner of Office 365, it's important that the company continues to release security products and services to protect its users and systems against attackers. But, despite the company's best efforts, enterprises are still not fully aware of all Microsoft offers in its security suite.


  • Microsoft incorporates its security features into Office 365 with no limitations or need for APIs and integration.
  • Microsoft security plans are more cost-effective and, in some cases, already bundled with other services. For example, the Advanced Threat Protection (ATP) Plan 2 is included in Office 365 E5 or Exchange Online Protection, which is also in the E3 and E5 subscriptions.
  • Microsoft offers threat protection within its Office suite products to block malicious code execution in tools such as Word, Excel and PowerPoint.
  • Microsoft security and compliance tools are accessible through the Office 365 admin portal to make it easier on administrators to manage their environment.


  • Office 365 ATP Plan 1 (configuration, protection and detection): $2 per user/month.
  • Office 365 ATP Plan 2 (all ATP Plan 1 features plus automation, investigation, remediation and education): $5 per user/month.

Protection tools can only go so far

Those are just a few of the security-based options for administrators to look over as part of their review process to protect their Office 365 services. Other notable contenders in this space include Barracuda, Trend Micro, Mimecast and Proofpoint -- just to name some of the companies that have Office 365 protection offerings.

It's important to note that tools alone will not be enough in the ongoing fight against outside threats. It doesn't take much to spoof an email address and trick an end user into handing over credentials to a seemingly legitimate source. End-user awareness and education must be part of every administrator's security plan.

Dig Deeper on Windows Server OS and management

Cloud Computing
Enterprise Desktop
Virtual Desktop