Does Microsoft 365 Include An Email Security Gateway?
Discover what protections Microsoft 365 employs to keep users’ email communications safe.
Microsoft 365 is Microsoft’s cloud-powered productivity platform. It provides tools for communication and collaboration and is suitable for individuals, businesses, or enterprises.
With a subscription to Microsoft 365, users receive the latest productivity apps (which include Microsoft Teams, Word, Excel, PowerPoint, Outlook, and OneDrive), the ability to install on PCs, Macs, tablets, and phones, 1 TB of OneDrive cloud storage, and feature updates and upgrades that are not available anywhere else.
Microsoft 365 supports real-time collaboration, remote work, and seamless device integration, which enables users to work efficiently from any location. It also offers enterprise-grade security, AI-powered features, and scalability, making it a comprehensive solution for modern work environments.
So, Does Microsoft 365 Include An Email Security Gateway?
The short answer is no, it does not.
The longer answer: when Microsoft 365 / Outlook is your organization’s email server, your domain’s MX record points directly to your Microsoft 365 tenant by default. Inbound mail to your domain is therefore delivered straight to M365 without any preliminary scanning.
So, What Security Options Are Available Within Microsoft 365?
Microsoft 365 provides a robust suite of built-in security features and optional add-ons to protect organizations against a wide range of cyber threats, which include:
1) Microsoft Exchange Online Protection (EOP)
EOP is included in all Microsoft 365 organizations that have Exchange Online mailboxes. It is turned on by default, but can be overridden by other security policies if needed, and provides core security functionality.
EOP Features:
- Anti-spam (inbound and outbound): Emails that exhibit signs of phishing will be handled according to the anti-spam policy action.
- Anti-malware: Email with suspected malware will automatically be quarantined. Whether recipients are notified about quarantined malware messages is controlled by the quarantine policy and the settings in the anti-malware policy.
- Connection filtering: This helps to identify good or bad source email servers by IP addresses.
- Anti-phishing policies: Aims to block phishing and potentially spoofed emails.
- Allow / block lists: This gives admins a way to manually override how the spam filter has classified a message.
- Quarantine policies: Let admins define what end users can and cannot do with quarantined emails.
Although Microsoft has some basic filtering built into M365, it doesn’t always catch everything, especially more advanced threats.
2) Microsoft Defender
Microsoft Defender (formerly known as Advanced Threat Protection) is a paid add-on that provides more advanced functionality to enhance email security. It is available as either a standalone license or as part of a Microsoft 365 plan. It is a comprehensive suite of security tools designed to protect against advanced cyber threats across devices, emails, identities, and cloud applications.
Microsoft Defender Features:
Plan 1
- Safe Links feature scans and rewrites URLs in emails to help protect against phishing attacks
- Safe Attachments detonates email attachments in a virtual sandbox before delivery
- Additional anti-phishing capabilities, including impersonation protection
- Real-time detections help security teams investigate and respond to threats
- Reporting
- SIEM integration API for alerts
Plan 2
This includes everything in Plan 1 plus the following features:
- Provides attack simulation training for running realistic phishing simulations
- Threat Explorer provides additional views, filters, and actions on top of the real-time detections from Plan 1
- Threat tracker queries let admins automatically or manually discover security threats within their organization
- Campaigns feature identifies and categorizes coordinated phishing and malware email attacks
- Automated Investigation and Response (AIR) helps security teams review, prioritize, and respond to alerts more efficiently
- SIEM Integration API for automated investigations
What Types Of Third-Party Email Security Solutions Can Be Used In Conjunction With Microsoft 365?
1. Gateway-Based Email Security (Also Called SEG / Secure Email Gateway)
These operate by routing all email traffic through a dedicated gateway server, and employ multiple layers of protection including malware detection, spam filtering, phishing prevention, content filtering, and encryption. They also scan incoming emails before passing them along to your email server. This requires changing MX records.
2. API-Based Email Security
API-based email security leverages Application Programming Interfaces (APIs) to connect directly to an organization’s email platform, such as Microsoft 365 or Google Workspace. Unlike traditional Secure Email Gateways (SEGs), it works within the email environment itself rather than intercepting emails at the network perimeter, offering advanced visibility and control over email communications and mitigating threats in real time. This means incoming emails are scanned after they reach Microsoft 365, and no MX record changes are required.
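Because the default setup and a gateway deployment differ in where the MX records point, a domain's MX set shows which routing is in effect. The following is an added example, not code from the article or from Microsoft: it classifies a list of MX records and, going slightly beyond the text, flags any record that still points directly at Microsoft 365 after a gateway has been put in front. The `.mail.protection.outlook.com` suffix is not stated on the page, and the sample records and gateway host names are constructed.

```python
# Added example: classify inbound routing from a domain's MX records.
# Assumption (not on the page): Exchange Online inbound MX hosts end in this suffix.
M365_SUFFIX = ".mail.protection.outlook.com"

# Constructed sample records in "preference host" form (e.g. `dig +short MX`).
DIRECT = ["0 example-com.mail.protection.outlook.com."]
GATEWAY = [
    "10 mx1.gateway.example.",
    "10 mx2.gateway.example.",
    "50 Example-com.mail.protection.outlook.com.  ; left over from before the SEG",
]


def parse_mx(lines):
    """Return sorted (preference, host) tuples; hosts lowercased, root dot removed."""
    records = []
    for raw in lines:
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            raise ValueError(f"not an MX record: {raw!r}")
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)


def classify(lines):
    """Return (routing, findings) for one domain's MX set."""
    records = parse_mx(lines)
    if not records:
        return "no-mx", ["no MX records published"]
    best = records[0][0]  # lowest preference value is tried first
    primary = [h for p, h in records if p == best]
    direct = [h for p, h in records if h.endswith(M365_SUFFIX)]
    if all(h.endswith(M365_SUFFIX) for h in primary):
        return "direct-to-m365", []  # default setup: no scanning before M365
    findings = [f"{h} still points directly at Microsoft 365; "
                "mail sent to it is not scanned by the gateway" for h in direct]
    return "gateway-first", findings


if __name__ == "__main__":
    for name, mx in (("direct", DIRECT), ("gateway", GATEWAY)):
        print(name, classify(mx))
```

An API-based product leaves the MX set in the `direct-to-m365` state, so this check cannot tell whether one is deployed.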
More Resources
The following Expert Insights articles may be helpful for organizations looking for an email security solution for their Microsoft 365 environment:
- The Top 11 Email Security Solutions For Office 365
- The Top 11 Email Security Gateways
- The Top 10 Integrated Cloud Email Security Solutions