Most email platforms, including Office 365, incorporate a basic email filtering service that blocks most spam emails and many phishing threats. These services also incorporate antivirus protection which blocks all known malware threats. They can be viewed as the first line of defense that will keep businesses reasonably well protected, but they are usually not sufficiently advanced and fail to identify and block zero-day threats such as new phishing emails and malware that has not previously been classified as malicious.

Office 365 and EOP

Office 365 is a good example, being the most widely adopted cloud-based email service. The basic level of protection comes from Exchange Online Protection or EOP. EOP is effective at blocking spam, known malware, and basic phishing attacks, but falls short when it comes to advanced threats such as spear phishing, BEC attacks, and zero-day threats. These threats often pass through unimpeded and land in inboxes where they can be clicked by employees.

Source: DZone