Within Microsoft's leading Office 365 suite is their Microsoft Office 365 Advanced Threat Protection (ATP) platform that provides protection using trillions of signals from the Microsoft Intelligent Security Graph and analyzing billions of emails daily. The tool protects mailboxes, files, and productivity and collaboration applications against sophisticated attacks in near real-time.
Organizations already using the Office 365 suite may find this solution interfaces well within their existing security framework.
A security and compliance dashboard creates actionable insights to help prioritize potential threats. The platform provides recommendations for addressing phishing and malware.
Office 365 ATP provides security playbooks and investigation graph capabilities to help investigate and remediate attacks more efficiently.
Organizations can run attack simulations and warn users before they click on unknown links and files, helping them report suspicious content.
Microsoft Office 365 Advanced Threat Protection Overview
Threat Protection Policies
Microsoft Office 365 Advanced Threat Protection offers flexible policy options. An organization can set fine-tuned protection at the user, organization, recipient and domain levels.
Phishing is remains the top attack vector for cyber-attacks. Spear phishing and whaling are incredibly common in today's cyber security landscape. Office 365 ATP has built-in intelligence for your organization's domains and well as external ones.
ATP Safe Attachments
ATP Safe Attachments Provides zero-day protection for a business' messaging system by checking email attachments for malicious content. It routes all attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent.
ATP Safe Links
Get time-of-click verification on email URLs in both emails and Office files. Safe links remain accessible to the organization while malicious ones are dynamically blocked.
ATP for SharePoint, OneDrive, and Microsoft Teams
If your organization already utilizes the collaborative and productivity applications in Office 365, ATP will provide an extra layer of protection by scanning team sites and document libraries.
Reports update in real-time, providing businesses with the latest insights. Predefined reports include:
- Threat Explorer
- Threat Protection Status Report
- ATP File Types Report
- ATP Message Disposition Report
- Email Security Report
- EOP and ATP Results and Detections Reports
Threat Investigation & Response Capabilities
Office 365 ATP Plan 2 includes threat investigation and response tools.
See the latest intelligence on prevailing cybersecurity issues. Available trackers include Noteworthy trackers, Trending trackers, Tracked queries, and Saved queries.
Threat Explorer (or Real-Time Detections)
Real-time report that allows you to identify and analyze recent threats. You can configure Explorer to show data for custom periods.
This powerful tool allows organizations to run realistic attack scenarios in your organization to identify vulnerabilities. Just a few simulations available include:
- Display-name spear phishing attack
- Password-spray attack
- Brute-force password attack
Automated Investigation and Response (AIR) capabilities include security playbooks which can be deployed automatically. AIR can save a security operations team time and effort.
How to get Office 365 ATP
Office 365 ATP is included in certain subscriptions, such as Microsoft 365 E5, Office 365 E5, Office 365 A5, and Microsoft 365 Business. If your subscription does not include Office 365 ATP, you can purchase ATP Plan 1 or ATP Plan 2 as an add-on to certain subscriptions.