April 28, 2023 | Updated on: April 11, 2024 | Reading time 9 minutes

What is Exchange Online: Key Details about Microsoft Product

Vice President of Product

Exchange Online is a service for communication and email. It can be used alone or as part of Microsoft 365 (formerly Office 365). This article answers the question “What is Exchange Online?” comprehensively and helps companies understand if this tool meets their business needs.

What is Exchange Online?

Microsoft Exchange Online is a platform for business communication. It has a mail server and cloud apps for email, contacts, and calendars. Though it is a cloud service, users with Outlook, an on-prem Microsoft solution, can also access it.

This solution allows businesses to use powerful cloud computing without needing to install it on their premises.

Key Features of Exchange Online

In this section, we discuss the key features of Exchange Online, both as a standalone service and part of Microsoft 365.

Inbox, Calendar, and People

These are several main services that comprise Exchange Online. They enable your employees to communicate with each other, your corporate clients, and your business partners.

Exchange Online can connect with mail clients like Microsoft Outlook and offers up to 100 GB of email storage space.

Exchange Online connects with calendar apps that can act as task managers and tools for setting up meetings. One of the great features is shared calendars. Your team can create shared calendars to manage their meetings in a better way. The ‘People’ feature is a contact list.


Because Microsoft Exchange Online is a cloud solution, you can easily scale it depending on your business needs.


IT teams can manage Microsoft Exchange in a dedicated Admin Center.


Users can access their inboxes, calendars, and contacts anywhere and via any endpoint. All they need is access to the internet.


Exchange Online has several security features:

  • anti-malware
  • anti-spam
  • data control on lost devices
  • enforced multistep authentication
  • Data Loss Prevention (in certain plans)
  • geographical location user control.

Please keep in mind that these security features do not provide enough online protection for your cloud data. The key vulnerabilities of Exchange Online remain the same:

  • human error (e.g., accidentally deleted email)
  • ransomware (yes, filters do not catch all malware)
  • man-in-the-middle attack
  • zero-day attack

If you want to protect your data from loss, use Microsoft 365 backup.

Knowledge Center and support

Exchange Online has Microsoft FastTrack, a Knowledge Center for clients with 50+ licenses. In addition, Admins can call support via a 24/7 telephone line.

Additional features for purchase

You can enhance your Microsoft Exchange Online with several services for purchase.

  • Exchange Online Protection

For an extra $1 per user per month, Exchange Online Protection adds more security to your emails, calendars, and contacts. The features of this service include additional protection against spam and malware. It also includes filters for compliance. Additionally, it sends outbound mail separately to keep your IP address from being penalized for spam.

  • Exchange Online Archiving

Sold at $3 per user per month, Exchange Online Archiving offers you several important features. These include mailbox archiving, easy data search with eDiscovery, and retention policies as part of data loss prevention efforts.

Pricing and plans of Exchange Online

Microsoft Exchange Online is available in all Microsoft plans for businesses (Business Basic, Business Standard, Business Premium) and enterprises (E3, E5, and F3).

Additionally, you can purchase Exchange Online for your business separately. There are two plans:

Microsoft Exchange Online Plan 1

This is the basic Microsoft Exchange Online plan. It costs only $4 per user per month and provides 50 GB of inbox storage. Its functionality includes all the features discussed in the previous section.

Microsoft Exchange Online Plan 2

If you want a larger inbox, you can choose Microsoft Exchange Online Plan 2 (150 GB). It has all the features of Plan 1, plus Data Loss Prevention and Voicemail.

Exchange Online as part of Business or Enterprise Plans

These plans do not have a dedicated storage space for emails. It is part of the overall storage space allocated to each user.

Key considerations when choosing the plan

When choosing between Microsoft Exchange Online plans, we suggest answering the following questions:

  • Do we need only a mail and calendaring service, or will our business benefit more from purchasing the whole set of collaboration tools?
  • How much inbox storage space do our employees require?
  • Do we need additional data protection, like Data Loss Prevention, or do we have other solutions in place?
  • What is our budget?

Exchange Online vs. Microsoft 365 vs. Exchange Server vs. Outlook – Comparison

Often businesses can’t tell the difference between Exchange Online, Exchange Server, Microsoft Outlook, and Microsoft 365.

Are Exchange Online and Microsoft 365 the same?

There’s a substantial difference between Microsoft 365 and Exchange Online.

Office 365 is a set of collaborative tools for businesses, such as a text editor (Word), a spreadsheet (Excel), a presentation builder (PowerPoint), a corporate messenger (Teams), etc. It includes, inter alia, email servers and applications for sending emails (Exchange Online).

Note that Office 365 is an old name. Microsoft recently renamed all its business products to Microsoft 365. There are three plans for SMBs and three plans for enterprises. In addition, businesses can buy a set of desktop applications from Microsoft.

Summing up, Microsoft Exchange Online is integral to Microsoft 365 plans (except for Apps for business). However, it can also be purchased separately from the Microsoft 365 suite as a standalone service.

What’s the difference between Exchange Online and Exchange Server?

This one is tricky because Microsoft Exchange Server is very similar to Exchange Online. Both are mail and calendaring servers. The difference is that Exchange Online is a cloud solution that also works with desktop email clients.

Meanwhile, Microsoft Exchange Server is an on-prem tool. In particular, it operates only within Windows Server. One of its key disadvantages is the need for extensive maintenance by the IT team as well as on-prem hardware resources.

Another drawback is the complex payment model, which requires two types of licenses (server and client). Finally, the scalability of Exchange Server is limited compared to Exchange Online.

Is there a distinction between Exchange Online and Microsoft Outlook?

Microsoft Outlook is an email client that connects with an email server. It is similar to other email clients like Gmail or Apple Mail. Read our in-depth article on Gmail vs. Outlook comparison.

This application has desktop and cloud versions. Both versions are part of the Microsoft 365 offer (available in all the plans). Desktop Outlook can be acquired as a standalone service.

Microsoft Outlook is used primarily to receive and send emails. Now, both versions of this application are usually connected to Exchange Online.

Desktop Outlook can also connect to the Exchange Server or any other email server of your choice.

Here’s a list of the great Outlook features: focused inbox, Text Predictions and Suggest Replies, scheduled send, sensitive emails, and immediate cancellation.

How to close data protection gaps in Exchange Online and Microsoft 365?

As we mentioned before, Exchange Online and Microsoft 365 require extra protection from a number of cyber incidents. That’s because Microsoft has a shared responsibility model. It creates a security gap beyond Microsoft’s scope of accountability.

It is up to the client to address the threats and mitigate the risks within this gap. Unfortunately, because Microsoft 365 and Microsoft Exchange Online are marketed as tools with enhanced security, few companies know that this gap exists.

What is this gap? We mentioned four types of cyber incidents that are not covered by Microsoft security features: human error, man-in-the-middle attack, ransomware, and zero-day attack.

They all share one common feature: the entry point. A user who made a mistake or erased some data on purpose had access to your corporate data. Similarly, ransomware tools gained access to your data along with edit permissions. Finally, in a zero-day attack scenario, cybercriminals exploited the vulnerability of an application with access and an extensive scope of permissions to your Microsoft 365 data.

Obviously, the only way to protect your data from loss and corruption is to disable all access to it. However, that would hinder your business operations significantly.

Alternatively, businesses can add an extra layer of protection to Microsoft 365 and Exchange Online. We suggest using the following tools:

  • Cloud-to-cloud automated backup for Microsoft 365 services
  • Proactive cloud ransomware protection based on data behavior
  • Application discovery and risk assessment.

The backup will be helpful in case a human or an application deletes or alters your data. We suggest using SpinBackup for Microsoft 365 as it has all the necessary features for incident response in the event of data loss. This tool has several features that can make administration easier and cheaper. For example, it can transfer data more conveniently or archive mailboxes and OneDrive at a lower price.

In most cases, data backup is enough for a company. When ransomware strikes, firms wait for the attack to stop, identify the application causing the attack, revoke its access to their Microsoft 365, and initiate data recovery. Companies that wish to automate these processes can purchase SpinRDR ransomware protection.

Finally, many firms want to combat Shadow IT and prevent zero-day attacks. In this case, they acquire an Application risk assessment tool from SpinSPM.

Note that all three tools are available separately or as features of a single SpinOne data protection platform. In addition to the above-mentioned features, this tool also has DLP functionality, e.g., sharing monitoring, abnormal behavior discovery, and sensitive data control.


Written by

Vice President of Product at Spin.AI

Davit Asatryan is the Vice President of Product at Spin.AI

He is responsible for executing product strategy by overseeing the entire product lifecycle, with a focus on developing cutting-edge solutions to address the evolving landscape of cybersecurity threats.

He has been with the company for over 5 years and specializes in SaaS Security, helping organizations battle Shadow IT, ransomware, and data leak issues.

Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley. In his spare time, Davit enjoys traveling, playing soccer and tennis with his friends, and watching sports of any kind.
