Micro Solutions Blog

Using Microsoft 365 Defender to Stop Phishing Scams

Phishing can cost you time and money and, most importantly, it can expose intellectual property or sensitive private information. Microsoft 365 Defender can dramatically mitigate this risk with several built-in features. Phishing attacks are a serious and persistent threat to your business. These fraudulent actions can cause your team members to accidentally share financial, customer, student, patient, or account information with cybercriminals, also referred to as threat actors. How does this happen?

The issue is that the attackers seem credible since they’re impersonating trusted sources and high-level executives. As a result, your team members may not even have second thoughts about distributing sensitive personnel or corporate data. Despite the attempts to raise user awareness of this fraud, phishing emails are still widespread. They’re the starting point of most hacking activities and can cause organizations to lose millions of dollars. In addition, the victim may face legal action, diminished reputation, reduced customer confidence, and business disruption.

That’s why protecting your business from phishing attacks is paramount. Numerous safety mechanisms are available, but Microsoft 365 Defender might be your best option. It comes with various security layers to safeguard against successful phishing attempts.

Remember, this is about mitigating risks. Threat actors are working constantly to find new ways to outsmart the latest updates, and they will. Carrying a cyber liability insurance policy is of extreme importance, especially if you house any Personally Identifiable Information (PII) or Protected Health Information (PHI), as breaches of such data may end in legal action against the party who was not using “due care” with the protected information.

Now, let’s take a look at the seven features of Microsoft 365 Defender that can serve as protection for your business. You probably already know a few of them from your ordinary day-to-day operations, but maybe there are a few that your IT environment could benefit from adopting.



The most dangerous type of phishing scam involves emails whose sender seems to be an actual entity. The attacker often uses cunning tactics, like referring to the victim by their name or nickname. Sometimes, they can even use real accounts to trick businesses.

For example, I recently received an email with my boss’ name as the sender.

The email read something along the lines of “Hey man, do you have a minute to run an errand for me?”

Of course, I replied: “Sure, what can I do for you?”

At this point, I still hadn’t realized that I wasn’t talking to whom I believed I was.

The illusion was quickly broken when his next message arrived in my inbox reading “I need you to buy me $1,000 of Amazon gift cards.”

Even though I spend my days thinking about phishing, it only takes a brief moment to open something potentially catastrophic. Luckily, the message was simply phishing for gift cards and nothing malicious to our IT environment.

Using machine learning, Microsoft 365 Defender lists the contacts you regularly communicate with. Then, it uses advanced tools to differentiate suspicious from acceptable behavior. The result is more accurate detection of phishing emails. (The email chain I was describing earlier DEFINITELY would have been flagged.)


Different types of malware can spread through phishing emails. For example, ransomware locks your files and systems until the attacker receives a ransom from either you or your insurance provider. This is the top reason for carrying cyber liability insurance.

Spyware can be even more dangerous. It steals your information by copying clipboards, taking screenshots, or recording keystrokes. Microsoft 365 Defender addresses such malware with robust safety mechanisms, namely:

Layered malware defense – The platform comes with multiple malware scan engines to help diagnose potential threats. They provide a robust heuristic inspection to shield your system even in the earliest stages of an outbreak. This type of protection is superior to using just one anti-malware program.

Real-time response – During outbreaks, the platform provides your team with instant access to devices, allowing you to investigate and contain threats in real-time. It also enables your team to collect data and proactively tackle malware.

Rapid definition deployment – The Microsoft 365 Defender team maintains a close relationship with anti-malware engine developers. Consequently, users of the platform receive malware definitions on time. Plus, the company checks for definition updates every hour to help protect you against the latest malware.

Common attachments filter – Some file types, such as executable files, aren’t meant for email. If your employees only use their workstations for data entry or other secretarial tasks, you may want to limit users’ ability to receive certain attachment types. With that in mind, the common attachments filter lets you automatically block them without any scanning. Some of the file types it can remove include .ace, .exe, .app, .ani, and .scr.
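
As an added example (not from the original article or from Microsoft), here is one way an administrator could audit every anti-malware policy for the common attachments filter and stage a fix using Exchange Online PowerShell. The account name is a placeholder, the required list is just the five extensions named above, and the script assumes extensions are stored without a leading dot.

```powershell
# Added example: audit and harden the common attachments filter.
# Requires the ExchangeOnlineManagement module and an admin session, e.g.:
#   Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder account

# Extensions named in the article; extend this list to match your own policy.
$required = @('ace', 'exe', 'app', 'ani', 'scr')

foreach ($policy in Get-MalwareFilterPolicy) {
    # Normalize what is already configured (assumption: no leading dot is stored).
    $current = @($policy.FileTypes | ForEach-Object { "$_".TrimStart('.').ToLower() })
    $missing = @($required | Where-Object { $current -notcontains $_ })

    # Report the state of each policy before changing anything.
    [pscustomobject]@{
        Policy        = $policy.Name
        FilterEnabled = $policy.EnableFileFilter
        Missing       = $missing -join ','
    }

    # Nothing to do when the filter is on and every required type is covered.
    if ($policy.EnableFileFilter -and $missing.Count -eq 0) { continue }

    # Merge rather than overwrite, so extensions already blocked stay blocked.
    $merged = @($current + $missing | Sort-Object -Unique)

    Set-MalwareFilterPolicy -Identity $policy.Identity `
        -EnableFileFilter $true `
        -FileTypes $merged `
        -WhatIf   # remove -WhatIf to apply after reviewing the report
}
```

With `-WhatIf` in place the script only reports what it would change, which makes it safe to run as a periodic drift check.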


Another common culprit for phishing campaigns is spam emails. Blocking them is an excellent way to shield your organization from attacks. Defender boasts powerful anti-spam technology to address spam emails by examining the source of the message and the contents. If the email comes from untrustworthy sources or contains suspicious information, it automatically goes to your spam folder. On top of that, this feature examines your team members’ activity to help make sure they don’t send spam emails to other users.


Phishing emails don’t only contain attachments. They can also include URLs to lead your team members to a fraudulent website. These web pages often look legitimate, but they generally require the victim to provide some information.

Furthermore, they can lead to websites that install or download malware on your computers. Safe Links shields your system from malware transmissions using URL detonation. It scans email links and checks for suspicious behavior.

Microsoft 365 Defender warns you not to visit links that open malicious websites. Otherwise, you can open your destination URLs normally. It’ll also rescan the service sometime later and look for any security problems.

Another great thing about this feature is that it scans email links from all personnel within your organization. Moreover, it works great on documents uploaded to SharePoint and Microsoft Teams.


Some users, especially if they’re reckless or untrained, commonly open malicious email attachments without second thoughts. They can expose protected data to prying eyes as a result, which can ruin your reputation and give you a long string of financial and legal troubles.

Defender can reduce this risk by opening all email attachments in a sandbox. It serves as isolation, meaning that malicious files can only affect the sandbox rather than your system.

Once the program isolates malware, it’ll warn you not to open it. But if the attachment is safe, you’ll be able to use it normally.


Enhanced Filtering is perfect for enterprises that route emails to on-premises environments with third-party services before sending them to Microsoft 365. The platform comes with inbound connectors that verify whether your email sources are trustworthy. The higher the complexity of the routing scenario, the higher the chances are that email connectors don’t reflect their real source.

What’s more, this feature preserves the authentication signals that may have disappeared while routing emails. It enhances the filtering capabilities of Microsoft 365, allowing it to detect phishing and spam emails more effectively.


Microsoft Defender lets you set specific mailboxes where you can send any threatening emails. This feature allows you to determine the criteria for safe and malicious email while identifying the mailboxes that will store these messages. Thus, your administrators have more control over flagging emails and reporting them to Microsoft.


Phishing attacks can spell disaster for your company. To help mitigate the threat, integrate your office’s computers with Microsoft 365 Defender. This platform can keep your system intact with dependable security measures.

It can also detect malicious activity on time, enabling you to address it before it spreads and compromises your privacy. Using Microsoft 365 Defender is just one part of your cybersecurity.

If you’d like a non-salesy chat to help determine other potential risks in your network, reach out to us today.

Article used with permission from The Technology Press.