Microsoft 365 Email Security: A Complete Guide to Built-In Protection and Defender Plans

Learn how Microsoft 365 email security works, where native protections fall short, and how behavioral AI closes gaps SEGs and Defender miss.

Abnormal AI

February 12, 2026


Most organizations running Microsoft 365 already possess substantial email security capabilities they may not fully understand or have properly configured. Before investing in additional third-party tools, security leaders need a clear picture of what native protections exist, where gaps remain, and how to build an effective defense-in-depth strategy.

This article draws from insights shared in Abnormal's ThreatStream webinar on Direct Send abuse. Watch the full recording to see real attack examples and behavioral AI detection in action.

Key Takeaways

  • Exchange Online Protection provides baseline anti-spam and anti-malware filtering with all M365 subscriptions, but many advanced protections require manual configuration

  • Native Microsoft 365 email security tools may conflict with third-party SEGs when both are deployed, often requiring organizations to disable key protections

  • Sophisticated attacks like BEC, credential phishing, and QR code attacks can bypass both native M365 protections and traditional SEGs

  • A defense-in-depth approach combining native protections with behavioral AI at the mailbox layer addresses gaps that perimeter-based solutions miss

What is Microsoft 365 Email Security?

Microsoft 365 email security encompasses the suite of built-in protections included with M365 subscriptions, ranging from Exchange Online Protection (EOP) to Microsoft Defender for Office 365. These capabilities provide organizations with foundational defenses against common email threats without requiring additional purchases.

The challenge is that many organizations don't fully understand the scope of their existing protections. EOP comes standard with all M365 subscriptions and handles anti-spam, anti-malware, and basic filtering. However, more advanced threat protection features require Microsoft Defender for Office 365, which comes in Plan 1 and Plan 2 configurations with different capability sets.

Understanding this distinction matters because organizations frequently pay for redundant third-party tools when native M365 protections may suffice for certain use cases. Security teams should conduct thorough assessments of their current M365 licensing to identify which protections they already have access to before layering additional solutions.

The key differentiator between baseline EOP and Defender plans lies in advanced threat protection capabilities. Safe Links, Safe Attachments, and enhanced anti-phishing policies require Defender licensing. Plan 2 adds automated investigation and response capabilities along with advanced hunting tools for security operations teams.

Why Microsoft 365 Email Security Matters

Native M365 email security matters because it determines both your baseline protection level and the architectural decisions required to address remaining gaps. Many organizations discover they're paying for overlapping protections across multiple solutions without realizing it.

The integration advantage of native tools cannot be overstated. Microsoft-native security features work seamlessly within the M365 ecosystem, sharing threat intelligence and providing unified management through the Microsoft 365 security center. This tight integration reduces operational complexity and eliminates potential conflicts between disparate security tools.

However, the real question security leaders face isn't whether native protections exist—it's whether they're sufficient for the current threat landscape. While traditional architectures effectively block the vast majority of email threats, the remaining sophisticated attacks that slip through pose the greatest organizational risk. Business email compromise (BEC) attacks alone caused $2.77 billion in losses across 21,442 reported incidents in 2024, accounting for more than 17% of the $16.6 billion in total financial damages reported to the FBI IC3.

This is where understanding the limitations of any single solution becomes critical. Native M365 protections provide strong foundational security, but they operate within specific architectural constraints that sophisticated attackers have learned to exploit.

How Microsoft 365 Email Security Works

Exchange Online Protection (Baseline)

EOP provides the foundational layer of email security for all M365 customers. This includes connection filtering, anti-malware scanning, mail flow rules, and anti-spam policies. These protections activate automatically and handle the bulk of commodity threats targeting organizations.

However, EOP has inherent limitations that security teams must understand. When organizations deploy third-party secure email gateways, vendors often recommend disabling or bypassing EOP's IP reputation, spam filtering, and advanced threat protection features. This creates a dependency on the SEG while leaving native protections dormant.

Microsoft Defender for Office 365

Defender for Office 365 extends beyond EOP's capabilities with advanced threat protection features. Plan 1 includes Safe Attachments for sandbox detonation of suspicious files, Safe Links for URL rewriting and time-of-click protection, and enhanced anti-phishing policies with impersonation detection.

Plan 2 adds Threat Explorer for real-time reporting, Automated Investigation and Response (AIR) for streamlined incident handling, and attack simulation training for security awareness programs. These capabilities significantly enhance an organization's ability to detect and respond to sophisticated threats.

Email Authentication Controls

Proper configuration of SPF, DKIM, and DMARC within M365 forms a critical layer of email authentication. These protocols help prevent domain spoofing and provide visibility into unauthorized email sources claiming to represent your organization.

A common gap in many environments is incomplete DMARC implementation. Starting with a "none" policy provides visibility but no enforcement. Moving to "quarantine" or "reject" policies completes the DMARC journey and actively blocks unauthenticated messages.

Common Challenges with Microsoft 365 Email Security

Security teams face four primary challenges when relying on native M365 protections: configuration complexity, Direct Send vulnerabilities, authentication failures, and advanced evasion techniques.

Configuration complexity remains a significant hurdle. Many protective features require manual enablement and ongoing tuning. Organizations that assume default settings provide comprehensive protection often discover gaps when targeted by sophisticated attacks.

Direct Send vulnerabilities represent a particularly concerning gap. This Microsoft feature allows emails to be sent directly to mailboxes without authentication, bypassing both third-party SEGs and many EOP protections. As Jesus Garcia, Solutions Architect at Abnormal, explained in the webinar: "The Microsoft tenant is configured to accept emails via this smart host. Direct send traffic never gets inspected by the third party secure email gateway." What makes this vulnerability especially dangerous is the low barrier to exploitation. Attackers only need a target's email address to derive the predictable smart host format and weaponize it using PowerShell or Python scripts.

Some organizations attempt to address Direct Send risks manually. Garcia noted that security teams share workarounds on forums, creating transport rules and PowerShell commands to block Direct Send traffic. While these DIY approaches can help, they require ongoing maintenance and may break legitimate use cases. Manual rules also lack the contextual awareness to distinguish between malicious Direct Send abuse and legitimate internal traffic.

Authentication failures present another challenge. When SPF and DMARC checks fail but mail still delivers, it indicates misconfigured policies or legitimate use cases that create security blind spots. Attackers specifically target these authentication gaps.
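To make the "fails but still delivers" case concrete, here is an added Python example (not from the webinar or any Abnormal product) that parses the Authentication-Results header Exchange Online stamps on inbound mail and flags delivered messages whose DMARC failed under a p=none policy, or that claim one of your own domains without passing SPF, the trace that spoofing and unauthenticated Direct Send from an IP outside your SPF record leave behind. The sample headers and the contoso.com domain are constructed, and the flags are triage heuristics, not a verdict.

```python
import re

# Exchange Online stamps each message with an Authentication-Results header shaped like
# "spf=fail (sender IP is ...) smtp.mailfrom=...; dkim=...; dmarc=fail action=none header.from=...; compauth=fail reason=001"
SEG_RE = re.compile(r"^(?P<method>\w+)=(?P<result>[\w.]+)\s*(?:\((?P<comment>[^)]*)\))?\s*(?P<props>.*)$")
PROP_RE = re.compile(r"([\w.]+)=(\S+)")

def parse_auth_results(header: str) -> dict:
    """Parse the header into {method: {"result": ..., "comment": ..., <property>: ...}}."""
    body = re.sub(r"^Authentication-Results:\s*", "", header.strip(), flags=re.I)
    parsed = {}
    for seg in body.split(";"):
        m = SEG_RE.match(seg.strip())
        if not m:
            continue
        entry = {"result": m["result"], "comment": m["comment"] or ""}
        entry.update(PROP_RE.findall(m["props"]))  # e.g. smtp.mailfrom=, action=, header.from=, reason=
        parsed[m["method"]] = entry
    return parsed

def triage(header: str, own_domains: set) -> list:
    """Return the reasons a delivered message deserves a look; an empty list means nothing notable.
    Heuristics only: SPF failing on mail that claims your own domain is the signature of spoofing
    and of unauthenticated Direct Send traffic sent from an IP outside your SPF record."""
    ar = parse_auth_results(header)
    spf, dmarc, compauth = ar.get("spf", {}), ar.get("dmarc", {}), ar.get("compauth", {})
    from_dom = dmarc.get("header.from", "").lower()
    findings = []
    if dmarc.get("result") == "fail" and dmarc.get("action") == "none":
        findings.append("DMARC failed but the domain's policy is p=none, so nothing was enforced")
    if from_dom in own_domains and spf.get("result") in ("fail", "softfail", "none"):
        findings.append(f"claims {from_dom} yet SPF={spf.get('result')}: possible spoof or unauthenticated Direct Send")
    if compauth.get("result") == "fail":
        findings.append(f"composite authentication failed (compauth reason={compauth.get('reason', '?')})")
    return findings

# Constructed sample headers (not captured from a real tenant); IPs are documentation ranges.
LEGIT = ("spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=contoso.com; dkim=pass (signature was verified) "
         "header.d=contoso.com; dmarc=pass action=none header.from=contoso.com; compauth=pass reason=100")
SPOOFED = ("spf=fail (sender IP is 203.0.113.5) smtp.mailfrom=contoso.com; dkim=none (message not signed) "
           "header.d=none; dmarc=fail action=none header.from=contoso.com; compauth=fail reason=001")

if __name__ == "__main__":
    for label, hdr in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(label, triage(hdr, {"contoso.com"}))
```

Feed it the Authentication-Results value from a delivered message's headers (or a mail-flow export) to surface the messages that passed through because the domain's policy allowed them to, rather than because they authenticated.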

Advanced evasion techniques continue evolving. Native tools may struggle with sophisticated BEC attacks, credential phishing campaigns, and emerging threats like QR code attacks. Traditional URL analysis tools cannot interact with CAPTCHAs that hide malicious payloads from automated scanning.

Traditional SEG vs. Microsoft 365 Native Security

The architectural differences between perimeter-based SEGs and cloud-native M365 protection create important trade-offs that security teams must evaluate.

Traditional SEG architecture positions the gateway at the perimeter, inspecting and quarantining emails before they reach Exchange Online. This approach provides an additional inspection layer but introduces complexity. SEG vendors often recommend disabling native EOP protections to prevent conflicts, effectively trading one security layer for another rather than achieving true defense-in-depth.

Garcia described this common scenario: "These manufacturers often recommend that IP reputation, spam filtering, and advanced threat protection features are either disabled or bypassed."

Cloud-native M365 protection eliminates the perimeter gateway model but may lack the specialized detection capabilities that dedicated security vendors provide. Organizations must weigh integration simplicity against potential detection gaps.

Decision framework considerations:

  • Organizations with complex legacy infrastructure may benefit from SEG's flexibility

  • Smaller organizations or those fully committed to M365 may find native protections sufficient with proper configuration

  • Neither approach alone addresses sophisticated attacks that evade traditional detection methods

The most effective architectures recognize that both approaches have blind spots. Behavioral AI at the mailbox layer provides visibility regardless of whether mail flows through a SEG or directly to Exchange Online.

Best Practices for Microsoft 365 Email Security Configuration

Audit existing protections before purchasing additional tools. Many organizations discover they're paying for M365 Defender capabilities they haven't enabled. Conduct a thorough review of your current licensing and activation status.

Complete your DMARC implementation. Move from monitoring ("none") to enforcement ("quarantine" or "reject"). This closes a significant gap that attackers routinely exploit for domain spoofing attacks.
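As an added example tied to this DMARC step and to the Email Authentication Controls section above (not the article's or Abnormal's code), this Python checker parses a _dmarc TXT record and lists what still stands between it and enforcement; it goes a little beyond the none/quarantine/reject distinction by also checking sp= and pct=, which can leave a record that looks enforcing only partially so. The records and the contoso.example domain are constructed.

```python
import re

# DMARC records are "tag=value; tag=value" lists, e.g. "v=DMARC1; p=reject; rua=mailto:..."
TAG_RE = re.compile(r"\s*([A-Za-z]+)\s*=\s*([^;]*?)\s*(?:;|$)")

def parse_dmarc(record: str) -> dict:
    """Split a _dmarc TXT record into its tag=value pairs (tags lower-cased)."""
    return {tag.lower(): value for tag, value in TAG_RE.findall(record)}

def assess_dmarc(record: str) -> list:
    """Return the enforcement gaps a DMARC record leaves open; an empty list means fully enforcing."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record: v=DMARC1 must be the first tag"]
    policy = tags.get("p", "")
    if policy not in ("none", "quarantine", "reject"):
        return ["missing or invalid p= tag: the record is not valid for enforcement"]
    gaps = []
    if policy == "none":
        gaps.append("p=none: monitoring only, spoofed mail is still delivered")
    # sp= governs subdomains and defaults to the p= value when absent
    if tags.get("sp", policy) == "none" and policy != "none":
        gaps.append("sp=none: subdomains stay unenforced while the organizational domain is enforced")
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100
    if policy != "none" and pct < 100:
        gaps.append(f"pct={pct}: only {pct}% of failing mail receives the {policy} policy")
    if not tags.get("rua"):
        gaps.append("no rua= address: no aggregate reports, so no visibility into who sends as your domain")
    return gaps

# Constructed sample records for a hypothetical domain (not real DNS data).
MONITORING = "v=DMARC1; p=none; rua=mailto:dmarc-reports@contoso.example"
HALFWAY = "v=DMARC1; p=quarantine; sp=none; pct=25; rua=mailto:dmarc-reports@contoso.example"
ENFORCING = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@contoso.example"

if __name__ == "__main__":
    for rec in (MONITORING, HALFWAY, ENFORCING):
        print(rec, "->", assess_dmarc(rec) or ["fully enforcing"])
```

Run it over the TXT record you publish for each sending domain (and each subdomain with its own record) to confirm the move from monitoring to enforcement is actually complete.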

Test configurations against current threats. Use attack simulation features in Defender Plan 2 or engage red team services to validate that your protections work as expected against real-world attack techniques.

Address Direct Send risks. Evaluate whether your organization uses unauthenticated Direct Send for legitimate purposes. If not, consider implementing transport rules or PowerShell configurations to block this attack vector.

Implement defense-in-depth with behavioral AI. Native protections and SEGs both operate on the same fundamental model: inspecting mail at specific points in the delivery path. Adding behavioral AI at the mailbox layer provides protection regardless of how mail enters the environment.

Real-World Examples

Organizations across industries face similar challenges with M365 email security gaps. The webinar detailed several attack patterns that exploit these vulnerabilities.

QR code credential phishing campaigns abuse Direct Send to deliver voicemail notification emails containing PDF attachments. Inside these PDFs, QR codes direct users to credential harvesting pages protected by CAPTCHAs that prevent automated URL analysis. Users instinctively scan QR codes without verifying their origin or destination.

Government impersonation attacks targeting state and local education demonstrate how attackers abuse trusted Microsoft infrastructure. These campaigns make emails appear to originate from legitimate internal government domains, containing HTML attachments with encrypted payloads. As Garcia challenged in the webinar: "How effective are those sandboxing and static signature-based scanning tools when the payload is encrypted?" This encryption renders traditional detection methods ineffective, allowing attackers to evade sandbox analysis entirely.

Calendar invite attacks represent an increasingly common vector that bypasses traditional email inspection entirely. Attackers inject malicious content directly into user calendars through meeting invitations, exploiting the implicit trust users place in calendar notifications. Neither SEGs nor native M365 tools handle this attack type effectively because the malicious payload exists within calendar data rather than email body content. Users accept meeting invites reflexively, especially when the sender appears to be a colleague or executive. The calendar becomes the attack surface, and traditional email-focused security tools have no visibility into this communication channel.

Closing Microsoft 365 Email Security Gaps with Behavioral AI

Understanding your Microsoft 365 email security posture is the first step toward building effective defenses. Native protections provide substantial value when properly configured, but no single solution addresses all attack vectors sophisticated threat actors employ.

The most resilient architectures combine native M365 capabilities with behavioral AI that leverages three detection layers: Identity Awareness to verify sender legitimacy through communication pattern modeling, Context Awareness to analyze 43,000 signals per email and perform social graphing that understands whether two parties typically communicate at specific times about specific topics, and Risk Awareness to evaluate payload and content anomalies. This depth of analysis provides visibility and protection regardless of how mail enters the environment, eliminating the blind spots created by Direct Send, authentication bypasses, and advanced evasion techniques.

Watch the full Threat Stream webinar for real-world attack examples and behavioral AI detection in action.
