Today, privacy and data security are among the most important things when managing organizations’ data. These two areas are significant if your company has its emails stored in a SaaS or on-premises Exchange Server.

In this day and age, threats like malware, ransomware, and viruses are a huge concern to organizations that want to prevent any attack on their systems and most importantly, business-critical data.


One of the most dangerous and damaging online threats nowadays is ransomware, which often arrives through a spoofed email that spreads malware to steal your data or encrypt it for money.

When your company is attacked, the breach may well be related to an email attack, because 9 out of 10 data security breaches start with emails. That is why organizations must consider those security threats and have tools to protect against them.

This is important if your company uses Microsoft 365 or an on-premises Exchange Server.


Office 365 Advanced Threat Protection (ATP) is essential when running those services (in the cloud or on-premises) to add multiple layers of protection.

What is Microsoft Office 365 Advanced Threat Protection?

Office 365 Advanced Threat Protection has been included in Office 365 Enterprise E5 and Microsoft 365 Business Premium plans.

ATP can also be added to Exchange and Office 365 subscription plans (Exchange Online, Business Basic/Standard, or Office 365 Enterprise E1 and E3).

See Microsoft's documentation for more details about the ATP plans and the features included in each service.

Office 365 ATP is a cloud-based email filtering service.

When using ATP, Microsoft can provide your organization online and real-time protection to keep your company and emails safe from any unsafe and insecure attachments or malicious links.

ATP is designed to keep your organization safe from viruses and malware sent in spoofed emails.

How to Configure Office 365 Advanced Threat Protection?

You can try the features in Microsoft 365 Defender for Office 365 Plan 2 for free. Use the 90-day Defender for Office 365 trial at the Microsoft 365 Defender portal trials hub. Microsoft's documentation explains who can sign up and the trial terms.

To use Office 365 Advanced Threat Protection, you need the following licenses.

  • Microsoft 365 E5
  • Microsoft 365 Business Premium
  • Office 365 E5
  • Office 365 Advanced Threat Protection Plan 1
  • Office 365 Advanced Threat Protection Plan 2

When you enable your Office 365 Plan, you have two options: Protect your Organization or just Report and Monitor.


Then you need to Turn on Microsoft 365 Defender features.


Then you have all the options and features available.


When you select your plan and enable Microsoft 365 Defender, you are ready to start detecting and defending your organization against any security threats that may arrive in your email accounts.

Note: Microsoft renamed Office 365 Advanced Threat Protection to Microsoft Defender or Microsoft 365 Defender. When using the protection.office.com portal to configure your security policies, Microsoft forwards the user to security.microsoft.com to configure policy settings for anti-phishing, anti-spam, and anti-malware.

Microsoft Sentinel includes all Microsoft Defender for different environments.


So when this article refers to Office 365 Advanced Threat Protection, it means what Microsoft now calls Microsoft Defender for Office 365.

As stated above, Office 365 ATP protects your organization against insecure links and unsafe attachments.

Office 365 Advanced Threat Protection is part of a whole stack of Microsoft Defender.


Office 365 Advanced Threat Protection Key Features

Next, let us learn how to configure and set some of the features included in the Office 365 ATP.
These are some of the Key Features of Office 365 ATP.

You can use the Microsoft Defender portal to assign the Standard policy and customized, restricted security policies inside your organization.

Use the main portal https://protection.office.com but also https://security.microsoft.com/ or https://security.microsoft.com/securitypoliciesandrules

Following the previous section on installing Office 365 ATP, we can see some of those features, Standard and Customized policies and how to install/configure them.

Safe Links

Unsafe links are one of the main causes of security breaches.

An unsafe link can be in an email from someone you don’t know, but it can also be sent by someone you know and trust who has been infected. That is why it is crucial to have a tool like ATP that automatically checks that the URL in that email is safe.

When you receive an email with a link and click on it, Office 365 ATP Safe Links checks the link and provides time-of-click verification of the URL.

Actions that Office 365 Advanced Threat Protection Safe Links perform when a user clicks on a link:

The policy setting “Safe Links checks a list of known, malicious links when users click links in email” enables or disables Safe Links. When it is enabled:

  • Safe Links scanning is enabled in Outlook (C2R) on Windows
  • URLs are rewritten, and users are routed through Safe Links protection when they click URLs in messages
  • When clicked, URLs are checked against a list of known malicious URLs and the “Block the following URLs” list
  • URLs that don’t have a valid reputation are detonated asynchronously in the background

When ATP Safe Links finds an unsafe or malicious link, it opens a warning page, protecting the user from a potentially harmful link.

These feature policies can be configured in the options: Policies & Rules – Threat policies – Safe links


On the Safe Links policy page, you can use Global Settings, use the Standard Policy, or create a new customized one for your organization (for the whole domain, specific users/groups, etc.).

Important notes:

  • Safe Links does not work on mail-enabled public folders
  • Safe Links supports only HTTP(S) and FTP formats
  • Safe Links protection for Microsoft Teams is unavailable in Microsoft 365 GCC High or Microsoft 365 DoD
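
For triage, the URL rewriting and the scheme limits described above can be checked over a message body. This is an added example, not code from the article or from Microsoft; the wrapper host suffix, the `url` query parameter, the function names and the sample body are assumptions or constructed values.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed wrapper format (not given in the article): rewritten links point at a
# *.safelinks.protection.outlook.com host and carry the original target,
# percent-encoded, in the "url" query parameter.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
SUPPORTED_SCHEMES = {"http", "https", "ftp"}  # the only formats Safe Links supports
URL_RE = re.compile(r"""\b[a-zA-Z][a-zA-Z0-9+.-]*://[^\s<>"']+""")

# Constructed sample message body; every host and value here is made up.
SAMPLE_BODY = (
    "Invoice: https://nam02.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Fexample.com%2Finvoice%3Fid%3D42&data=constructed&reserved=0\n"
    "Intranet: http://intranet.example.test/wiki.\n"
    "Share: file://fileserver.example.test/share/report.docx\n"
)


def unwrap(url):
    """Original target of a wrapped URL; "" if the wrapper has none; None if not wrapped."""
    host = (urlsplit(url).hostname or "").lower()
    if not host.endswith(SAFELINKS_SUFFIX):
        return None
    targets = parse_qs(urlsplit(url).query).get("url")
    return targets[0] if targets else ""


def classify_links(body):
    """Return (status, effective_url) for every URL found in a message body."""
    results = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")  # drop trailing sentence punctuation
        original = unwrap(url)
        scheme = urlsplit(url).scheme.lower()
        if original:
            results.append(("rewritten", original))
        elif original == "":
            results.append(("wrapper-without-target", url))
        elif scheme in SUPPORTED_SCHEMES:
            results.append(("not-rewritten", url))
        else:
            results.append(("unsupported-scheme", url))
    return results


if __name__ == "__main__":
    for status, link in classify_links(SAMPLE_BODY):
        print(f"{status:24} {link}")
```

Links reported as `not-rewritten` or `unsupported-scheme` are the ones that reach the user without time-of-click verification and are worth a closer look during review.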

Safe Attachments

The ATP Safe Attachments feature scrutinizes the attachments of every email that arrives in your inboxes and checks that they are not infected and do not carry any malicious threat.

ATP automatically opens and checks any attachments every time a user receives and checks an email with an attachment. ATP checks and tests these attachments in a virtual environment outside your organization’s network.

If ATP finds anything malicious inside an attachment, it’s removed automatically. If not, the file opens normally.

You can set safe attachments for a particular account or the whole organization using ATP policies.

These feature policies can be configured in the options: Policies & Rules – Threat policies – Safe attachments


You can select more or less restrictive policies in your customized security policies. It all depends on your organization’s security policies.

Protection against spoofing

Spoofing an email address can be done for legitimate reasons, both internal and external. So when you configure your spam and spoof filters, you need to take that into account.

That is why, when using Office 365 ATP, the Spoof Intelligence feature is critical: it protects your organization by blocking illegitimate emails without blocking the legitimate spoofed emails that you may have configured inside your organization.


You can create customized policies and spam filters for your emails.

Anti-Phishing


You can use a default Anti-Phishing policy or create a new one for the whole organization or a specific group of users.

As with the features above, once implemented, Anti-Phishing acts when an email arrives in an inbox covered by the policy and checks whether it is a malicious or a safe email. Anti-Phishing uses machine learning message models to validate the email.

Figure: Machine learning diagram in ATP (Microsoft image).

Machine learning models examine detonation artifacts along with various signals from the following:

  • Static code analysis
  • File structure anomaly
  • Phish brand impersonation
  • Threat intelligence
  • Anomaly-based heuristic detections from security researchers

Like the other features, Anti-Phishing policies can be set for your organization’s entire domain, specific user, or a group.

Threat Explorer and others


Explorer or Real-time detections help your security operations team investigate and respond to threats efficiently.

You can track and investigate any threats using Threat Investigation, Threat Explorer, and Review options. With automated investigation processes in response to well-known threats, Automated investigation and response (AIR) can investigate what happened and provide you with a report.

Reports

In any of the above features, ATP can track and report the complete record of what happened and where malware goes in your organization. With this report, you can quickly learn and easily find the source and infection path to isolate the security breach.

Type of reports for ATP: Email Security, Exchange Online Protection, Results, Detections, Threat Explorer, Threat Protection Status Report, Message Disposition Report, and File Types Report.

How does Office 365 Advanced Threat Protection work?

As we learned in this article, ATP has three rules: Protect, Detect, and Respond.

ATP uses policies that filter organization data or incoming/outgoing emails inside your domain.

It analyzes and checks that data for malicious or suspicious threats and acts according to the policies set in your organization (default policies or customized ones created by the customer).

It then sends the item to quarantine, blocks it, or just sends you a warning report about the validated suspicious data.


Conclusion

Office 365 Advanced Threat Protection is a security tool that protects environments against security threats that can be discovered running or trying to run inside an organization.

Checking all your data and filtering emails using security policies can stop and block any security threats before they happen.

Using machine learning and behavioral models, it can block, quarantine, or simply warn about and report any suspicious behavior in your data or email flow. It can protect your data against zero-day attacks and sophisticated threats.

As we see in this article, Office 365 Advanced Threat Protection is part of the Microsoft Defender stack, and other services such as OneDrive, SharePoint Online, and Exchange Online are also protected. Microsoft Defender stack protects devices on-premises or in the Cloud inside your organization.

In addition to learning about Office 365 ATP, which can Protect, Detect and Respond to security threats, learn why and how to back up your Microsoft 365 business-critical data with a comprehensive, robust backup solution like BDRSuite.
