It’s crucial that organizations using Office 365 find and implement a strong, multi-layered email security solution for their users. Office 365 has quickly become the most popular cloud based platform, making it a prime target for attackers looking for an easy way to compromise email data. In the cloud, email has remained the number one threat vector, with attacks like phishing attacks, spam and ransomware becoming major issues for many businesses.
In this guide, we’ll take you through the top email security solutions for use with Office 365. This will cover many different kinds of email security technologies. This includes Secure Email Gateways, which filter malicious emails before they enter users’ inboxes, Phishing Protection platforms that automatically remove phishing attacks, and email encryption solutions that secure email communications.
We’ll cover the key features of these solutions, what makes them perfect to secure emails with Office 365, and what types of customers they are most suitable for. Information in this article has been gathered from our own research, and from the views of customers who we have spoken to and have left reviews on the Expert Insights platform.
Avanan is a cloud-based email and application security solution that offers advanced protection against phishing, malware and account compromise attacks. Avanan’s email security platform operates from within the email environment and is designed to work seamlessly with Office365 and Google Workspace (formerly GSuite), so users can deploy it via an Office 365 app, or configure it manually within a few minutes. Once deployed, Avanan analyses all communication via inbound, outbound and internal email, as well as all connected Office 365 cloud applications like OneDrive and Teams, and secures them against advanced social engineering and data loss threats.
Avanan uses machine learning to analyze historical emails and learn each users’ communication patterns, enabling the platform to detect any signs of user impersonation and even the most current zero-day threats. It scans communications for over 300 indicators of account compromise, including domain, location and time of sending, and flags suspicious emails to mitigate against BEC attacks. Avanan’s advanced threat-hunting capabilities detect malicious behavior in real-time across the entire network, including suspicious URLs and attachments, and internal messages sent via other cloud-based applications, such as Microsoft Teams. By sitting behind Office 365 in the mail flow, Avanan is able to train its AI on the sophisticated attacks that Microsoft misses.
The Avanan platform is quick and easy to deploy: users looking to configure the solution manually can do so within minutes, without having to change their MX records. Those looking specifically for Office 365 protection can also secure their business quickly and efficiently via the Office 365 app. We recommend Avanan as a strong solution for any sized organization looking for powerful threat detection and mitigation within an Office 365 email environment.
IRONSCALES provides powerful protection for Office 365 against phishing attacks, credential theft and business email compromise. IRONSCALES is fully cloud-based and works at the mailbox level. This means IRONSCALES can identify suspicious email activity, like spoofed domains, and alert end users with warning banners inside their mailbox. This helps to prevent phishing and business email compromise, without impacting end-user productivity. IRONSCALES also uses multiple anti-virus engines to identify and remove emails with malicious links and attachments automatically. In tests by Expert Insights, IRONSCALES outperformed Microsoft Defender for O365 (ATP) for phishing detection and prevention.
Phishing attacks are perhaps the biggest threat facing businesses using Office 365. IRONSCALES provides a robust layer of security with its email protection platform. IRONSCALES also provides a suite of security awareness training tools, allowing admins to easily create simulated phishing emails, and test users’ effectiveness in spotting suspicious email attacks. IRONSCALES also offers protection against malicious links and attachments in Microsoft Teams environments.
IRONSCALES combines machine learning technologies and human threat intelligence to identify malicious emails and remove them from end-user inboxes. Machine learning engines use contextual analysis, looking at factors like domain, time emails were sent, attachments, location, and suspicious language to identify phishing emails and to remove them automatically in just milliseconds. IRONSCALES also allows end-users to report emails that don’t look right with a button located directly in the Office 365 mail app, on desktop or mobile. This intelligence is shared across their client base, so a phishing attack reported by one end-user is shared with IRONSCALES customers all over the world.
IRONSCALES is built for use with Office 365. It integrates seamlessly with your Office 365 environment via Graph API without requiring any configurations or new mail flow rules. Deploying the service is extremely easy – deployment takes 2 clicks and doesn’t require any MX record changes. IRONSCALES is an ideal platform for stopping phishing attacks on organizations using Office 365.
Trustifi helps organizations secure their email communications against inbound threats such as spear phishing, malware and account takeover attempts, as well as encrypt outbound emails to protect sensitive email data at rest, in storage and in transit. With a native integration for Office 365 and a range of customizable protection settings, Trustifi makes it easy for businesses to secure their inboxes and ensure compliance with data protection standards.
Trustifi’s Inbound Shield scans all inbound emails for malicious content, ranking each email according to its threat level and threat type. If an email is deemed malicious, Trustifi quarantines or removes it according to admin-configured policies. The Inbound Shield also offers blacklisting and whitelisting to prevent repeat attacks from known malicious addresses, and to ensure that emails from safe external senders aren’t mistakenly blocked, helping to reduce false positives.
Trustifi’s Outbound Shield enables organizations to apply AES 256-bit encryption to their outbound emails, ensuring that all sensitive data is sent securely and in compliance with data protection standards such as HIPAA, PCI-DSS and FINRA. Via the Office 365 plug-in, end users can easily encrypt emails without having to leave their inbox and log into a separate portal. Recipients can easily open encrypted emails through the Trustifi web portal—even if they don’t have a Trustifi account themselves. For added security, admins can enable two-factor authentication that requires recipients to verify their identities before accessing encrypted emails.
Trustifi deploys in Office 365 via an API integration, and the solution comes with pre-configured settings to provide instant protection upon deployment, which admins can customize to meet the specific security and compliance requirements of their organization. We recommend Trustifi as an intuitive, user-friendly solution for any-sized organization looking to protect their Office 365 client against inbound threats, as well encrypt their most sensitive email content.
ESET is a global cybersecurity provider offering solutions for organizations across web, endpoint, email and network protection. Their Cloud Office Security solution provides comprehensive security for Microsoft Office 365 applications, including anti-malware for Microsoft 365 Exchange Online, Teams, OneDrive and SharePoint. This solution helps to reduce the risk of spam, malware and ransomware, and other targeted attacks including phishing and spear-phishing. One of the benefits of this solution is that it provides holistic protection for Office 365 as well as security for the email channel.
ESET Cloud Office Security provides a strong level of threat protection to complement the controls offered by Office 365. It scans inbound and outbound emails for harmful content and malicious URLs and automatically deletes, quarantines, or blocks malicious emails. It also scans content in Teams, OneDrive and SharePoint for malicious links or attachments, automatically quarantining or deleting malicious documents or messages. Admins can customize threat protection policies, with a range of configuration options available. These include policies for the level of threat detection required, the remediation steps for suspicious email messages, and options for email quarantines. These policies can be set at an individual user level, for groups, or for the entire organization. Within the admin console, you can also view reports and logs, set up reports to be emailed to admins, and release emails from quarantine.
Deploying ESET Cloud Office Security to Office 365 is extremely easy and takes only a matter of minutes. The core strength of this solution is its virus scanning and anti-malware, which works across Microsoft Office applications. It provides comprehensive protection for Office 365, going beyond the capabilities of many competing email security platforms that focus only on email protection. This solution should not be considered as an alternative to an email security gateway solution, but instead as a strong layer of protection across O365, with enhanced protection for email, OneDrive, SharePoint and Teams. We’d recommend ESET Cloud Office Security as an ideal solution for organizations seeking holistic protection for Office 365.
SpamTitan provides powerful email security that offers comprehensive protection against advanced email threats such as CEO Impersonation protection, phishing attacks, malware and ransomware. SpamTitan can be deployed as a cloud-based solution or on-premise and provides effective protection for Office 365 email accounts with inbound email filtering, data loss protection and encryption, with advanced reporting and admin policies. is a strong email security platform for Office 365, with competitive pricing and an easy to manage admin console which makes the solution well suited for SMBs, enterprises and MSPs.
SpamTitan provides strong inbound threat protection, with multi-layered threat protection engines, including link analysis, full attachment sandboxing, zero-day attacks protection, mail spooling and spoofing protection. SpamTitan offers protection against advanced inbound threats such as ransomware, and also provides outbound email protection, with SPF, DKIM and DMARC checking. Admins can configure granular threat protection policies, including setting allow and deny lists, customizing data loss protection rules, and setting policies by users, domains and domain groups. SpamTitan also provides email encryption, helping to secure Office 365 emails and meeting compliance regulations.
SpamTitan is easy to manage and quick to deploy into the Office 365 environment. SpamTitan provides far more effective email filtering than the default Office 365 systems, while also offering more granular controls and policies than Microsoft allows. SpamTitan also provides backups for Office 365 mails servers to ensure business continuity, so if Office 365 is unavailable, users can continue to view incoming emails in a secure SpamTitan portal. SpamTitan also offers a strong range of outbound mail controls for Office 365. SpamTitan is popular with customers, who praise the service for its ease of deployment, cost-effective pricing and high-quality technical support.
Proofpoint is a global leader in email security solutions, protecting over 100,00 businesses around the world. Proofpoint Essentials is a fully cloud-based secure email gateway, designed to protect small and medium-sized businesses using Office 365 from email threats. Proofpoint Essentials combines a powerful secure email gateway platform with email archiving, encryption, and data loss prevention.
Proofpoint offers multiple threat protection features to stop data breaches and email threats. Proofpoint uses multi-layered email security engines to prevent threats like spam, malware and phishing attacks. This includes URL defense (Safe Links) to block malicious email links at time of click, and anti-virus engines to stop ransomware attacks. Research from SE Labs shows Proofpoint Essentials has one of the highest threat total accuracy ratings of all the market leading email security vendors.
Proofpoint Essentials is very easy to deploy with Office 365. Essentials is deployed between the Office 365 environment and the internet, sitting in front of your Office 365 tenant. To route mail to Office 365 requires changing your MX records. Because Essentials sits in front of Office 365, all emails are scanned to ensure they are safe. Infected and spam emails are automatically quarantined. Outbound emails are also routed via Proofpoint thus allowing data leakage (DLP) rules to be easily applied to stop confidential information being emailed out.
Proofpoint can be configured to allow end users to access their own quarantine, email archive and, manage their allow/deny lists, which helps to save IT departments time.
Microsoft Defender for Office 365 (formerly ATP) is Microsoft’s security platform built for enterprise customers on Office 365. Defender protects organizations against malicious email threats like phishing, malicious URLS and collaboration tools. Defender is included in some Office 365 subscriptions such as the Enterprise E5 tier, and can also be purchased as an additional add-on solution.
Defender includes threat protection policies, reports and investigation and response capabilities. Threat protection features include Safe Attachments, which checks email attachments for malicious content, and Safe Links, which provides time-of-click URL verification to prevent access to malicious web pages. Defender also includes anti-phishing protection. This module uses machine learning and impersonation detection algorithms to detect and block phishing attacks. However, this solution is not as effective as some third party solutions, such as IRONSCALES or Proofpoint. Microsoft Defender can however protect SharePoint, OneDrive and Teams from malicious files, which not many third party solutions can do effectively.
Research undertaken by third parties and other security vendors have found some significant issues with Defender’s threat protection capabilities, specifically with regard to its anti-phishing protection module. Research from SE Labs gave Defender a 35% total accuracy rating for detecting email attacks. Other vendors such as Avanan point out the relative immaturity of Advanced Threat Protection compared to other email security vendors on this list, and the ease in which hackers are able to create an Office 365 account and learn to evade security policies. On the other hand, Microsoft Defender is built for use with Office 365. It integrates seamlessly with your Office 365 environment without requiring any configurations or new mail flow rules. There are two versions of Microsoft Defender for Office 365 available, a starter tier which includes threat protection policies, and an advanced tier which also includes automated investigation and response.
Mimecast are a global leader in cloud-based email management, securing over 36,000 customers around the world, including many large enterprises. Mimecast allows organizations to protect and manage their email, with a range of solutions for different email security use cases. This is delivered in one easy-to-manage platform as a subscription service. Mimecast offers Office 365 email customers with protection against email threats including phishing, malware and account compromise.
Mimecast provides comprehensive security for Office 365 cloud email with a range of solutions. Mimecast sits in front of your Office 365 tenant, using multi-layered threat detection engines to defend against attacks like spear-phishing, malware, viruses, spam and data breaches.
As well as stopping malicious emails from entering your email network, Microsoft Internal Email protect is deployed inside your email perimeter to detect and remediate against internal threats. This is designed to be used alongside Mimecast’s Security Awareness Training to protect users against sophisticated attacks such as spear-phishing and email fraud. Mimecast also offers mailbox-level compliant archiving of email data, with e-discovery support, legal hold and Office 365 disaster recovery
Mimecast also offer email encryption and DNS filtering, which is all part of their single security solution which is ideal for Office 365 users. Mimecast also offers Office 365 migration tools which can help to speed up and secure migration to the O365 platform. This automatically archives legacy emails and helps to ensure continuity in the case of network outages.
Abnormal Security is a cloud-native email security provider. The Abnormal platform uses behavioral AI to protect against inbound threats such as business email compromise, spear phishing, supply chain compromise and malware, as well as internal account takeover. A Microsoft Preferred Solution, Abnormal offers a native API integration with Microsoft 365 that allows users of the MS Office 365 email client to implement security without making MX record changes or turning off Microsoft’s built-in security features.
Abnormal uses behavioral AI to create a baseline of each user’s regular communication patterns, then analyzes each email for over 45,000 indicators of deviant behaviors that may suggest compromise. A risk profile is created for each email; Abnormal rewrites the URLs in suspicious emails and, if deliverable, inserts relevant warning banners into the email body, notifying the user of the threat type and severity. In addition to preventing inbound attacks, Abnormal also scans internal communications for malicious east-west activity. Accounts displaying anomalous behavior are automatically logged out of their active session and the platform also triggers automatic Microsoft 365 password resets, preventing attackers from regaining access.
Abnormal’s native integration with Microsoft 365 enables organizations to deploy the solution within minutes, without needing to set custom policies to work around Microsoft Defender for Office 365. This enables organizations to implement unified email security, controlled via one admin console, without the need for an additional Secure Email Gateway layer. Customers praise Abnormal for its easy integration with Microsoft 365, its powerful threat detection, and the engaged support team. We recommend Abnormal to all organizations looking to protect their users against email threats within Office 365, and particularly those valuing easy deployment and ongoing management.
Cisco offers a comprehensive email security gateway designed for use as an additional layer of protection for Office 365. This service is built for mid-sized and large organization, and is popular with higher education institutions and in healthcare. It’s designed to provide protection against threats like ransomware, business email compromise and phishing attacks, with threat intelligence from Cisco’s global threat intelligence teams.
Cisco Email Security sits on top of Office 365 to filters malicious emails, blocking ransomware business email compromise and phishing attacks. Cisco’s threat protection is powered by their market leading threat intelligence team. Cisco provides protection against URL-based threats like phishing attacks with real-time URL analysis, and protection against ransomware, with. Malicious file scanning and automatic mailbox remediation. Cisco’s platform offers admins a much greater level of control over emails than offered in Office 365 as standard, with much more granular threat intelligence and reporting. It’s a popular choice for education and healthcare organizations for these advanced policies, and high level of threat protection.
Cisco Cloud Email Security is designed to automate and speed up identifying and removing threats from Office 365. CES is an email security gateway solution, that sits between Office 365 and external domains, so it does require MX Record changes. However, customers in education report that the service can be deployed very quickly, with favourable licensing. Cisco also provides warnings to users inside their email inbox, alerting users when emails look like fraud attempts, alongside traditional spam and malware filtering.