This guide explains the ten essential Microsoft 365 security controls we recommend for charities to reduce cyber risk, improve governance and strengthen long-term resilience.

Control 3 of 10 Next Control >

What it is

Microsoft Defender is Microsoft’s integrated security platform designed to protect users, devices, email and Microsoft 365 services from modern cyber threats.

It combines multiple security technologies including:

  • Endpoint protection
  • Email threat protection
  • Anti-phishing
  • Malware detection
  • Ransomware protection
  • Threat intelligence
  • Automated investigation and response

Rather than reacting after an attack occurs, Microsoft Defender continuously monitors your environment to identify and respond to suspicious activity before it becomes a serious security incident.

Why it matters

Charities are increasingly targeted by phishing emails, ransomware attacks and account compromise because they hold valuable donor, financial and beneficiary information.

Traditional antivirus software is no longer sufficient on its own.

Microsoft Defender provides real-time visibility across your Microsoft 365 environment, helping detect threats earlier, investigate suspicious behaviour and reduce the likelihood of a successful cyber attack.

For organisations with limited internal IT resources, this additional visibility can make a significant difference.

Common mistakes

  • Assuming Microsoft Defender is “just antivirus.”
  • Leaving default policies unchanged.
  • Not enabling Safe Links and Safe Attachments.
  • Ignoring security alerts.
  • Never reviewing threat reports.
  • Not protecting mobile devices.

Bunker's Recommended Approach

Microsoft Defender should be configured as part of a wider Microsoft 365 security strategy rather than deployed with default settings.

We recommend reviewing email protection policies, endpoint security, automated investigation capabilities and reporting to ensure Defender is aligned with your charity’s operational needs and risk profile.

Regular monitoring and policy reviews help ensure protection evolves alongside new cyber threats and organisational change.

How We Helped a UK Charity Strengthen Microsoft Defender

During a Microsoft 365 Security Review for a UK charity with more than 150 employees, we found Microsoft Defender had been deployed using largely default settings, with limited visibility of phishing attempts and endpoint threats.

Working with the charity, we:

  • Reviewed Microsoft Defender configuration.
  • Enabled Safe Links and Safe Attachments.
  • Improved endpoint protection policies.
  • Configured automated investigation and response.
  • Introduced regular security reporting for leadership.

As a result, the charity gained greater visibility of cyber threats, improved protection against phishing and ransomware, and strengthened its overall Microsoft 365 security posture.

Many charities already have Microsoft Defender included within their licensing but only use a fraction of its capabilities. During Microsoft 365 Security Reviews we often identify simple configuration improvements that significantly strengthen protection without increasing licensing costs.

Ready to review your Microsoft 365 security?

Whether you're preparing for Cyber Essentials, reviewing your current IT provider or simply want to understand your Microsoft 365 security posture, we'll help you identify practical improvements that reduce risk and support your organisation's goals.

FAQ – Microsoft Defender

What is Microsoft Defender?

Microsoft Defender is Microsoft’s integrated security platform that protects devices, email, users and Microsoft 365 services against cyber threats such as phishing, ransomware, malware and suspicious activity.

Is Microsoft Defender just antivirus software?

No. While Microsoft Defender includes antivirus capabilities, it also provides advanced threat detection, email security, endpoint protection, automated investigation and threat intelligence, making it a much broader security platform.

Is Microsoft Defender included with Microsoft 365?

Many Microsoft 365 Business Premium licences include Microsoft Defender for Business. Additional Defender products and features may require higher-level Microsoft security licences depending on your organisation’s requirements.

Can Microsoft Defender help protect against ransomware?

Yes. Microsoft Defender helps detect ransomware behaviour, blocks known malicious activity and provides security alerts to help organisations respond quickly to potential attacks.

How often should Microsoft Defender be reviewed?

We recommend reviewing Microsoft Defender policies, alerts and security reports at least monthly to ensure protection remains aligned with evolving cyber threats and organisational change.

How can Bunker help?

Bunker helps UK charities assess, configure and optimise Microsoft Defender as part of our Microsoft 365 Security Review. We ensure your security controls are configured to reduce organisational risk while supporting your charity’s day-to-day operations.

Bunker Technical Solutions Cyber Security Team | Last reviewed: July 2026

Control 3 of 10 Microsoft Secure Score for UK Charities >
Logo
Helping you Build Secure, Future-Ready Technology

If you're reviewing your current MSP, concerned with cyber security or preparing your organisation for AI.