Gartner^® on Email Security in 2021

Determining If Email Security in Office 365 Meets Your Organization’s Needs

By Ravisha Chugh, Mark Harris

OVERVIEW

Microsoft offers varying email security capabilities often leaving customers confused about its choice of best license. Security and risk management leaders responsible for email security should use this research to determine whether its native capabilities meet their organization’s requirements.

KEY CHALLENGES

• Exchange Online Protection (EOP) is Microsoft’s default email security capability that lacks advanced anti-phishing and other threat protection capabilities.
• With the rise of business email compromise (BEC)-type phishing, no secure email gateway (SEG) is 100% effective in blocking all attacks. This increase requires an additional email security solution for organizations with stringent email security needs.
• Remote working has led to an increase in usage of messaging and collaboration tools that has introduced new threats to many organizations.

RECOMMENDATIONS
Security and risk management leaders responsible for email security should:

• Compare different Microsoft offerings by documenting their email requirements versus what Microsoft can provide.
• Evaluate Microsoft’s built-in email security solution and consider augmenting or replacing it with a third-party solution if it doesn’t meet your requirements.
• Assess Office 365 Advanced Threat Protection (now called Microsoft Defender for Office 365 [MSDO]) for the prevention of threats in Teams, OneDrive and SharePoint. However, organizations would have to implement a cloud access security broker (CASB) or other email security product for other collaboration platforms.