Office 365 Advanced Threat Protection is one of the three types of Advanced Threat Protection that Microsoft offers, providing your organization with advanced security features that keep you protected from advanced cybersecurity threats!
And, with today's cybersecurity landscape being what it is and threats appearing on a daily, if not hourly basis, it's important to know what tools are out there to protect your organization.
In Brief: What is Office 365 Advanced Threat Protection?
A Cloud-based email filtering service that can help protect your organization from unknown malware and viruses, Office 365 Advanced Threat Protection can provide your organization with better zero-day protection, keeping you safe from such things as unsafe attachments and malicious links, in real time. Simply put, Office 365 ATP can help you ensure that your organization doesn't become a victim of malware, spoofing, or viruses that are being sent to your end-users.
Office 365 ATP is included in Office 365 Enterprise E5 and Microsoft 365 Business Premium plans, and can be added to several other Exchange and Office 365 subscription plans (like Exchange Online, Business Basic/Standard, and Office 365 Enterprise E1 and E3) for as low as $2.60 CAD/user. Not a bad investment, considering that it can save you thousands of dollars by preventing a potential breach!
But, if the low cost isn't enough incentive to include it in your security infrastructure, check out the following 5 hot features of Office 365 Advanced Threat Protection in our next section!
Have You Also Read?
5 Hot Features of Office 365 Advanced Threat Protection
Email is one of the most pervasive and powerful forms of communication in today's working environment - we rely heavily on emails to do business and to communicate with colleagues, collaborators, and customers. However, email is also the most prolific attack vector that threat actors are actively using to target and compromise your users in an effort to breach your organization's security environment!
Below, we've outlined the five key features of Office 365 ATP that helps to keep your organization more secure and helps to ensure that your emails aren't being used against you.
1. Office 365 Advanced Threat Protection: Safe Attachments
The Office 365 Advanced Threat Protection Safe Attachments feature checks any email attachments that come in to your inbox to make sure it's not malicious. If you have Office 365 Advanced Threat Protection activated within your Office 365 environment, every time someone checks an email with an attachment included, Safe Attachments automatically opens the file and tests it within a virtual environment that doesn't affect your real-time environment. If the file is to be found safe, it'll open as expected. But, if the file is found to be malicious in nature, it is removed automatically.
You can apply Safe Attachment policies to a specific person on your team, or your organization as a whole.
2. Office 365 Advanced Threat Protection: Safe Links
In this day and age, everyone should know the dangers of clicking on links that have been sent to you from someone you don't know. After all, it's pretty widely known that, if you don't trust the sender, don't click on the link, right? But, sometimes mistakes happen, and without meaning to, you click on a link anyway. Or, there could be times when the sender you trust has, themselves, been hacked. When these scenarios happen, you need to know that you're safe.
Enter Office 365 Advanced Threat Protection Safe Links, which provides time-of-click verification of website addresses in both email messages and Office documents. When an email is received that contains a URL and you click on that link, ATP Safe Links will automatically check the URL before opening it. That URL will either be identified as blocked, malicious, or safe. If the URL is safe, it'll open as usual without any further steps required. If the URL has been blocked, or is identified as malicious, it'll open a warning page instead of exposing your user to the potentially harmful link. A similar process also takes place when a link is clicked within an Office document.
3. Office 365 Advanced Threat Protection: Spoof Intelligence
There are legitimate times when spoofing is necessary. For instance, if you have third-party vendors who are sending bulk mail on your behalf, you’ve hired an assistant who needs to send emails from another person within your organization, or you’ve hired an external company to do lead generation, product updates, or send sales emails that look like they’re coming from you.
For these reasons, it’s important not to outright block all spoofing from your organization. But how do you make sure that these emails who are supposedly coming from your organization are, in fact, legitimately from your organization? More importantly, since spoofing is also a common way for phishers to determine user credentials, how do you make sure that those who are spoofing your domain for malicious purposes are stopped?
That’s where Spoof Intelligence comes in. Office 365 Advanced Threat Protection has built-in spoof protection that helps make sure the legitimate emails are sent, while shielding your organization from any malicious intent. In the Security & Compliance Centre on your Office 365 Admin portal, you can set up spoof filters that can determine the difference between legitimate activity and malicious activity. Also, you can review senders that are spoofing your domain and either block those senders from doing so, or allow them to continue with just a few clicks of your mouse.
4. Office ATP Anti-Phishing Capabilities in Office 365
Machine learning models and impersonation detection algorithms are two of the ways that Office 365 Advanced Threat Protection Anti-Phishing helps to keep your organization protected from potential phishing attacks. Using the Anti-Phishing capabilities, your security team can set up Office 365 ATP’s Anti-Phishing to check all of your incoming messages for any indication that it could be a phishing attempt.
How, you ask? Once your security team implements an ATP policy in your organization, anyone who’s covered by it will automatically have this feature enabled. When the email comes into your inbox, the message is evaluated by machine learning models that decide if it is a malicious email. If so, ATP will enact an action, based on however your security team has configured your ATP policy.
These Anti-Phishing policies can be set for a specific group of people in your organization, or to an entire domain, or to every domain you own.
5. Office 365 Advanced Threat Protection for SharePoint, OneDrive, and Microsoft Teams
There are many organizations out there using SharePoint, OneDrive, and Microsoft Teams to collaborate with each other and share ideas, especially in the past few months of the Coronavirus pandemic. But how can you make sure that you’re doing so in a safe and secure manner? With Office 365 ATP, it’s possible!
Office 365 Advanced Threat Protection helps to detect and block potentially malicious files from entering your document libraries or team sites, or locking the file and preventing anyone from accessing it once it’s been identified as malicious. Although it’ll still show in your site, the blocked file won’t be able to be opened, moved, copied, or shared (but you can delete it). Also, these files will be included in a list of quarantined items, so members of your security team can download, release, report or delete them from the system.
It should be noted that ATP does not scan every single file in SharePoint, OneDrive, or Microsoft Teams – files are scanned asynchronously, using sharing and guest activity events in tandem with threat signals to identify malicious files.
Have You Also Read?
Office 365 Advanced Threat Protection in Action – A Brief Case Study
A brief case study for Office 365 Advanced Threat Protection Safe Links in action happened in ProServeIT’s organization just recently. One of our managers received an email supposedly coming from Microsoft with the header, “Action Required: Your Email Password Has Expired”. At first glance, the email looked legitimate, with Microsoft’s logo and email template, all the correct-looking credentials, and an official-sounding tone to the email. In the email, there was a link to click on to update his credentials.
Noticing a few minor errors in the text of the email, and knowing that Microsoft won't typically send emails requesting passwords, our manager did some digging and found that this was, indeed, a phishing attempt to steal his credentials.
Our manager sent the warning to the team at ProServeIT, and, as a teaching moment, he clicked on the link to show how ATP Safe Links works. This is the warning he received when he clicked on the link:
The point of this case study is, had our manager been an unsuspecting executive who was unfamiliar with the insidious ways that hackers work, he might have easily clicked on the link in this legitimate-looking email.
Then, without Office 365 ATP Safe Links flagging the website as malicious and alerting the unsuspecting manager to the potential danger, he would have proceeded to the website, where he would have been prompted to enter his credentials. This, in turn, would have give the hacker access to our company's environment, and allowed them to engage in their nefarious activities.
Let Office 365 Advanced Threat Protection Help You! Get Started Today!
So, the question is, do you want real-time protection against sophisticated attacks? Protection from unsafe attachments? Visibility into who might be targeting your organization and what kinds of attacks you might be facing? The ability to block links that are harmful to your users? Or determine what a phishing message is and be able to handle it before it becomes a problem?
All of these issues can be addressed by implementing Office 365 Advanced Threat Protection in your organization. Not sure where to begin and need a little help getting started? ProServeIT can help! Get in touch with us today and we’ll get you started with exploring your options.
Want to see what's new and improved in Office 365 Advanced Threat Protection? Check out this Microsoft document for recent updates that have happened over the past year!