It’s crucial that organizations using Office 365 find
and implement a strong, multi-layered email security solution for their users. Office 365 has quickly become the most popular
cloud based platform, making it a prime target for attackers looking for an
easy way to compromise email data. In the cloud, email has remained the number
one threat vector, with attacks like phishing attacks, spam and ransomware
becoming major issues for many businesses.
In this guide, we’ll take you through the top email
security solutions for use with Office 365. This will cover many different
kinds of email security technologies. This includes Secure Email Gateways,
which filter malicious emails before they enter users’ inboxes, Phishing Protection
platforms that automatically remove phishing attacks, and email encryption
solutions that secure email communications.
We’ll cover the key features of these solutions, what makes
them perfect to secure emails with Office 365, and what types of customers they
are most suitable for. Information in this article has been gathered from our
own research, and from the views of customers who we have spoken to and have
left reviews on the Expert Insights platform.
The Best Email Security Solutions For Office 365 Includes:
- Proofpoint Essentials | Avanan | SpamTitan | IRONSCALES | Mimecast | Menlo Security | Microsoft Defender for Office 365 | Microsoft Compliance Center | Agari | Vade Secure | Cisco Email Security for Office 365
Start a Trial
Spam and Malware Protection, Safe Links, Email Archiving, Data Leakage Prevention & Email Encryption
Proofpoint is a global leader in email security solutions, protecting over 100,00 businesses around the world. Proofpoint Essentials is a fully cloud-based secure email gateway, designed to protect small and medium-sized businesses using Office 365 from email threats. Proofpoint Essentials combines a powerful secure email gateway platform with email archiving, encryption, and data loss prevention.
Proofpoint offers multiple threat protection features to stop data breaches and email threats. Proofpoint uses multi-layered email security engines to prevent threats like spam, malware and phishing attacks. This includes URL defense (Safe Links) to block malicious email links at time of click, and anti-virus engines to stop ransomware attacks. Research from SE Labs shows Proofpoint Essentials has one of the highest threat total accuracy ratings of all the market leading email security vendors.
Proofpoint Essentials is very easy to deploy with Office 365. Essentials is deployed between the Office 365 environment and the internet, sitting in front of your Office 365 tenant. To route mail to Office 365 requires changing your MX records. Because Essentials sits in front of Office 365, all emails are scanned to ensure they are safe. Infected and spam emails are automatically quarantined. Outbound emails are also routed via Proofpoint thus allowing data leakage (DLP) rules to be easily applied to stop confidential information being emailed out.
Proofpoint can be configured to allow end users to access their own quarantine, email archive and, manage their allow/deny lists, which helps to save IT departments time.
Get a Demo
Powerful Phishing Protection In An Easy To Use Platform
Avanan is a cloud-based email and application security solution that offers advanced protection against phishing, malware and account compromise attacks. Avanan’s email security platform operates from within the email environment and is designed to work seamlessly with Office365 and Google Workspace (formerly GSuite), so users can deploy it via an Office 365 app, or configure it manually within a few minutes. Once deployed, Avanan analyses all communication via inbound, outbound and internal email, as well as all connected Office 365 cloud applications like OneDrive and Teams, and secures them against advanced social engineering and data loss threats.
Avanan uses machine learning to analyze historical emails and learn each users’ communication patterns, enabling the platform to detect any signs of user impersonation and even the most current zero-day threats. It scans communications for over 300 indicators of account compromise, including domain, location and time of sending, and flags suspicious emails to mitigate against BEC attacks. Avanan’s advanced threat-hunting capabilities detect malicious behavior in real-time across the entire network, including suspicious URLs and attachments, and internal messages sent via other cloud-based applications, such as Microsoft Teams.
The Avanan platform is quick and easy to deploy: users looking to configure the solution manually can do so within minutes, without having to change their MX records. Those looking specifically for Office 365 protection can also secure their business quickly and efficiently via the Office 365 app. We recommend Avanan as a strong solution for any sized organization looking for powerful threat detection and mitigation within an Office 365 email environment.
Start Free Trial
SpamTitan complements Office 365 with threat protection, outbound controls and business continuity
SpamTitan provides powerful email security that offers comprehensive protection against advanced email threats such as CEO Impersonation protection, phishing attacks, malware and ransomware. SpamTitan can be deployed as a cloud-based solution or on-premise and provides effective protection for Office 365 email accounts with inbound email filtering, data loss protection and encryption, with advanced reporting and admin policies. is a strong email security platform for Office 365, with competitive pricing and an easy to manage admin console which makes the solution well suited for SMBs, enterprises and MSPs.
SpamTitan provides strong inbound threat protection, with multi-layered threat protection engines, including link analysis, full attachment sandboxing, zero-day attacks protection, mail spooling and spoofing protection. SpamTitan offers protection against advanced inbound threats such as ransomware, and also provides outbound email protection, with SPF, DKIM and DMARC checking. Admins can configure granular threat protection policies, including setting allow and deny lists, customizing data loss protection rules, and setting policies by users, domains and domain groups. SpamTitan also provides email encryption, helping to secure Office 365 emails and meeting compliance regulations.
SpamTitan is easy to manage and quick to deploy into the Office 365 environment. SpamTitan provides far more effective email filtering than the default Office 365 systems, while also offering more granular controls and policies than Microsoft allows. SpamTitan also provides backups for Office 365 mails servers to ensure business continuity, so if Office 365 is unavailable, users can continue to view incoming emails in a secure SpamTitan portal. SpamTitan also offers a strong range of outbound mail controls for Office 365. SpamTitan is popular with customers, who praise the service for its ease of deployment, cost-effective pricing and high-quality technical support.
Market Leading Phishing Protection
IRONSCALES provides powerful protection for Office 365 against phishing attacks, credential theft and business email compromise. IRONSCALES is fully cloud-based and works inside Office 365. This means IRONSCALES can identify suspicious email activity, like spoofed domains, and alert end users with warning banners inside their mailbox. This helps to prevent phishing and business email compromise, without impacting on end user productivity. IRONSCALES also uses multiple anti-virus engines to identify and remove emails with malicious links and attachments automatically. In tests by Expert Insights, IRONSCALES outperformed Microsoft Defender for O365 (ATP) for phishing detection and prevention.
Phishing attacks are perhaps the biggest threat facing businesses using Office 365. IRONSCALES’ provides a robust layer of security with their email protection platform. IRONSCALES also provides a suite of security awareness training tools, allowing admins to easily create simulated phishing emails, and test users effectiveness with spotting suspicious email attacks.
IRONSCALES combines machine learning technologies and human threat intelligence to identify malicious emails and remove them from user inboxes. Machine learning engines use contextual analysis, looking at factors like domain, time emails were sent, attachments and location to identify suspicious and malicious emails and remove them. IRONSCALES also allows end users to report emails that don’t look right with a button directly in the Office 365 mail app, on desktop or mobile. This intelligence is shared across their client base, so a phishing attack reported by an end user be shared to IRONSCALES customers all over the world.
IRONSCALES is built for use with Office 365. It integrates seamlessly with your Office 365 environment without requiring any configurations or new mail flow rules. Deploying the service is extremely easy – deployment takes 2 clicks and doesn’t require any MX record changes or rules to be setup. IRONSCALES is an ideal platform for stopping phishing attacks for organizations using Office 365.
Spam and Malware Protection, Archiving, Email Archiving, Data Leakage Prevention & Email Encryption
Mimecast are a global leader in cloud-based email management, securing over 36,000 customers around the world, including many large enterprises. Mimecast allows organizations to protect and manage their email, with a range of solutions for different email security use cases. This is delivered in one easy-to-manage platform as a subscription service. Mimecast offers Office 365 email customers with protection against email threats including phishing, malware and account compromise.
Mimecast provides comprehensive security for Office 365 cloud email with a range of solutions. Mimecast sits in front of your Office 365 tenant, using multi-layered threat detection engines to defend against attacks like spear-phishing, malware, viruses, spam and data breaches.
As well as stopping malicious emails from entering your email network, Microsoft Internal Email protect is deployed inside your email perimeter to detect and remediate against internal threats. This is designed to be used alongside Mimecast’s Security Awareness Training to protect users against sophisticated attacks such as spear-phishing and email fraud. Mimecast also offers mailbox-level compliant archiving of email data, with e-discovery support, legal hold and Office 365 disaster recovery
Mimecast also offer email encryption and DNS filtering, which is all part of their single security solution which is ideal for Office 365 users. Mimecast also offers Office 365 migration tools which can help to speed up and secure migration to the O365 platform. This automatically archives legacy emails and helps to ensure continuity in the case of network outages.
Isolating Web Links and Email Attachments
Menlo Security is a web security and isolation platform, ideal for mid-sized organizations and enterprise. They provide a powerful web security platform, with isolation at its core, which helps to protect organizations using Office 365 from all web and email-based threats. Menlo Security offers a full threat protection suite for Office 365, helping to improve the speed of access to Office 365, while maintaining security across all of your cloud applications.
Menlo’s Isolation platform addresses the gaps in email and web security that are open for attackers to exploit in Office 365. Menlo stops email attacks by fully isolating all potentially malicious content that can be spread via email, including URLs and attached documents, without interrupting the end user work-flow. Menlo’s phishing protection solution rewrites all web links, opening all content in isolation so there is no path for any malicious content to infect end user devices. In addition, Menlo will open all suspicious links sent via email in ‘read-only’ mode, in order to stop phishing attacks that look like genuine web pages. Menlo Security also provides document isolation, which provides safely rendered access to any attached files like PDFs and word documents sent via email, helping to stop malware and ransomware attacks.
Menlo Security is particularly well suited for use with Office 365. The Menlo platform is able to track how O365 users interact with web links, and provides greater investigative abilities for forensics, reporting and auditing than the inbuilt 0365 reporting. Menlo Security is straight forward to deploy with Office 365, it’s fully cloud based, and causes no interruption in email sending or changes in user experience.
Microsoft Defender for Office 365
Safe Links, Malware Scanning of Attachments
Microsoft Defender for Office 365 (formerly ATP) is Microsoft’s security platform built for enterprise customers on Office 365. Defender protects organizations against malicious email threats like phishing, malicious URLS and collaboration tools. Defender is included in some Office 365 subscriptions such as the Enterprise E5 tier, and can also be purchased as an additional add-on solution.
Defender includes threat protection policies, reports and investigation and response capabilities. Threat protection features include Safe Attachments, which checks email attachments for malicious content, and Safe Links, which provides time-of-click URL verification to prevent access to malicious web pages. Defender also includes anti-phishing protection. This module uses machine learning and impersonation detection algorithms to detect and block phishing attacks. However, this solution is not as effective as some third party solutions, such as IRONSCALES or Proofpoint. Microsoft Defender can however protect SharePoint, OneDrive and Teams from malicious files, which not many third party solutions can do effectively.
Research undertaken by third parties and other security vendors have found some significant issues with Defender’s threat protection capabilities, specifically with regard to its anti-phishing protection module. Research from SE Labs gave Defender a 35% total accuracy rating for detecting email attacks. Other vendors such as Avanan point out the relative immaturity of Advanced Threat Protection compared to other email security vendors on this list, and the ease in which hackers are able to create an Office 365 account and learn to evade security policies. On the other hand, Microsoft Defender is built for use with Office 365. It integrates seamlessly with your Office 365 environment without requiring any configurations or new mail flow rules. There are two versions of Microsoft Defender for Office 365 available, a starter tier which includes threat protection policies, and an advanced tier which also includes automated investigation and response.
Microsoft Compliance Center
The Microsoft 365 compliance center provides easy access to the data and tools you need to manage to your organization’s compliance needs. The compliance center allows you to easily view the security health of your organization, act to configure devices, users, and apps, and get alerts for suspicious activity. The Microsoft 365 security center is intended for security admins and security teams to better manage and protect their organization from data losss. This solution is integrated across Microsoft 365 services and provide s actionable insights to help reduce data risks.
The Microsoft Complaince Center is a home for monitoring and managing security across Microsoft accounts, data, devices, apps and infrastructure. It allows admins to easily view the health of their organization and configure devices, users and apps. It also provides alerts when suspicious activity occurs. Microsoft provides organizations with a Secure Score, with detailed reports and information on security posture and areas which can be improved.
From the Compliance center, admins can protect against data loss by adding labels to classify documents, email messages and websites. When a label is applied, this content is autamatically protected based on user-settings. This means that admins can create labels to encrypt files, and control user access to specific websites, for example. From here admins can also manage role-based access controls and proactively search for malware, suspicious files and activities.
Phishing and Business Email Compromise
Agari provide a cloud based email defense platform. It’s designed for organizations using Office 365 that don’t have a SEG like Proofpoint in place, but are struggling with attacks such as phishing and business email compromise. Agari adds protection against these identity based threats that works alongside the inbuilt threat security controls in Office 365, and add-on services like Office ATP.
Agari is fully focussed around protecting businesses from sophisticated email threats like phishing and business email compromise. They offer three threat detection products, Phishing Defense, Phishing Response, and Brand Protection. Phishing Defense is powered by Agari’s identity graph. This technology uses the relationships and behavioral patterns of brands, individuals individuals, brands, businesses, services, and domains using hundreds of characteristics, to identify anomalous behavior and determine the risk of emails being suspicious. This allows Agari to identity compromised accounts and block zero-day phishing attacks which would slip through the gaps in traditional security technologies’. Their Phishing Response module integrates with Office 365 to allow employees to report phishing attacks, which are then analysed by Agari and removed if needed. Agari claims to block 99.9% of advanced email attacks.
Agari is built on a cloud-native architecture, which can be integrated easily with Office 365 and Azure Active Directory. Agari also provides a deeper level of analytics than using Advanced Threat Protection alone for phishing protection. A common use case for Agari customers is using Office 365’s inbuilt spam filter to stop spam and unwanted bulk mail, as well as filtering unsafe URLs, and then using Agari’s platform as an extra layer against business email compromise and phishing attacks that are missed by Office 365 itself.
Spam Protection, Advanced Threat Protection
Vade Secure provides AI-based, predictive email security for Office 365. Vade Secure protects Office 365 applications like OneDrive and SharePoint from attacks that start at the email layer, with account compromise attempts such as phishing, spear-phishing and business email compromise. Vade uses AI-powered threat detection and remediation technologies which integrate easily into Office 365, for business customers and MSPs. Vade Secure uses a fully cloud native architecture.
Vade Secure utilizes machine learning models that perform real-time behavioural of all emails, URLs and attachments, looking for malicious contents. Threat detection data comes from over 600 million protected mailboxes globally. Vade Secure delivers multiple threat protection features. Vade analyses URLs and emails in real time, to protect against phishing attacks, and uses behavioural based machine learning to display warning banners on suspicious emails. Vade Secure also provides behavioural based anti-malware, which scans the origin, content and contents of email and attachments to stop the spread of malware and ransomware. Vade automatically removes emails they detect as being malicious, and allows admins to remove harmful messages in once click.
Vade Secure provides a fully native user experience for Office 365 users. It integrates with Office 365 via the Microsoft API, and so is easy to deploy, with no MX record changes required. Users are also therefore able to use Vade Secure to compliment Office 365’s inbuilt spam protection and Advanced Threat Protection. Vade uses Outlook folders to automatically sort grey-mail for users, but doesn’t offer a separate email quarantine for end users as a SEG solution would. Vade Secure has an MSP focus, offering customers using O365 simplified customer onboarding and provisioning.
Cisco Email Security for Office 365
Cisco offers a comprehensive email security gateway designed for use as an additional layer of protection for Office 365. This service is built for mid-sized and large organization, and is popular with higher education institutions and in healthcare. It’s designed to provide protection against threats like ransomware, business email compromise and phishing attacks, with threat intelligence from Cisco’s global threat intelligence teams.
Cisco Email Security sits on top of Office 365 to filters malicious emails, blocking ransomware business email compromise and phishing attacks. Cisco’s threat protection is powered by their market leading threat intelligence team. Cisco provides protection against URL-based threats like phishing attacks with real-time URL analysis, and protection against ransomware, with. Malicious file scanning and automatic mailbox remediation. Cisco’s platform offers admins a much greater level of control over emails than offered in Office 365 as standard, with much more granular threat intelligence and reporting. It’s a popular choice for education and healthcare organizations for these advanced policies, and high level of threat protection.
Cisco Cloud Email Security is designed to automate and speed up identifying and removing threats from Office 365. CES is an email security gateway solution, that sits between Office 365 and external domains, so it does require MX Record changes. However, customers in education report that the service can be deployed very quickly, with favourable licensing. Cisco also provides warnings to users inside their email inbox, alerting users when emails look like fraud attempts, alongside traditional spam and malware filtering.