5 Top Features of Office 365 Advanced Threat Protection

Earlier this year, we wrote a blog that talked about Office 365 Advanced Threat Protection as one of the three types of Advanced Threat Protection that Microsoft offers, and how it could help your organization. It sparked interest with our customers, but we noticed the most interest seemed to be directed towards Office 365 Advanced Threat Protection specifically.

So, in this blog, we’re exploring Office 365 Advanced Threat Protection (ATP) in-depth, discussing 5 hot features, and why you should use Office 365 ATP in your organization. Interested in implementing Office 365 Advanced Threat Protection? Contact our talented team today for more assistance!


In Brief: What is Office 365 Advanced Threat Protection?

Office 365 Advanced Threat Protection can help you ensure that you don’t become a victim of the many new malware campaigns that are being launched every day. By offering protection for your email, files, and online storage solutions, Office 365 ATP complements Exchange Online Protection’s security features in order to provide your organization with better zero-day protection, keeping you safe from such things as unsafe attachments and malicious links, in real time.


Office 365 Advanced Threat Protection is included in your Office 365 Enterprise E3 and E5 licenses. It can be added to several other Exchange and Office 365 subscription plans for a low monthly fee of just $2.40 CAD/user. Not a bad investment, considering that it can save you thousands of dollars by preventing a potential breach! But if the low cost isn’t enough incentive to include it in your security infrastructure, check out 5 hot features of Office 365 Advanced Threat Protection in our next section!


5 Hot Features of Office 365 Advanced Threat Protection

Below, we’ve outlined five of the key features of Office 365 ATP that you can take advantage of for keeping your organization more secure:

1. Office ATP Safe Attachments

The ATP Safe Attachments feature checks every email attachment that arrives in your inbox to make sure it’s not malicious. If you have Office 365 Advanced Threat Protection activated within your Office 365 environment, every time someone checks their emails, Safe Attachments automatically opens the file and tests it within a virtual environment that doesn’t affect your real-time environment. If the attachment is malicious in nature, it is removed automatically, but if it’s safe, it’ll open as expected. You can apply Safe Attachment policies to a specific person on your team, or your organization as a whole.
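The two scoping options just described (one person versus the whole organization) can also be set from Exchange Online PowerShell. The following is an added example, not part of the original post; the policy and rule names, the admin account and the mailbox address are placeholders, and it assumes the ExchangeOnlineManagement module is installed.

```powershell
# Added example: all names and addresses below are placeholders, not values from this article.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# A Safe Attachments policy defines WHAT happens after detonation.
# A Safe Attachments rule defines WHO the policy applies to.
# Each policy is bound to a single rule, so two scopes need two policies.

# Scope 1: a specific person. Block any message whose attachment is found malicious.
New-SafeAttachmentPolicy -Name 'SA-Block-Strict' -Enable $true -Action Block
New-SafeAttachmentRule -Name 'SA-Rule-Finance-Lead' `
    -SafeAttachmentPolicy 'SA-Block-Strict' `
    -SentTo 'finance.lead@contoso.example' `
    -Priority 0

# Scope 2: the organization as a whole, expressed as every accepted domain.
# DynamicDelivery delivers the message body right away and attaches the
# file once the scan has finished.
$domains = (Get-AcceptedDomain).Name
New-SafeAttachmentPolicy -Name 'SA-Org-Default' -Enable $true -Action DynamicDelivery
New-SafeAttachmentRule -Name 'SA-Rule-Org' `
    -SafeAttachmentPolicy 'SA-Org-Default' `
    -RecipientDomainIs $domains `
    -Priority 1

# Check the result: rules are evaluated in priority order (0 first), so the
# person-specific rule must sit above the organization-wide one to take effect.
Get-SafeAttachmentRule |
    Sort-Object Priority |
    Format-Table Name, State, Priority, SafeAttachmentPolicy, SentTo, RecipientDomainIs
```

A recipient matched by the priority 0 rule is not evaluated against the organization-wide rule, which is why the narrower scope is given the higher priority.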

2. Office ATP Safe Links

In this day and age, everyone should know the dangers of clicking on links that have been sent to you from someone you don’t know. If you don’t trust the sender, don’t click on the link. But there are times when the sender you trust has, themselves, been hacked. Or there are times when we make mistakes and click on a link anyway. When something happens, you need to know that you’re safe.


Enter Office 365 Advanced Threat Protection Safe Links, which provides time-of-click verification of website addresses in both email messages and Office documents. When an email is received that contains a URL and you click on that link, ATP Safe Links will automatically check the URL before opening it. That URL will either be identified as blocked, malicious, or safe. If the URL is safe, it’ll open as usual without any further steps required. If the URL has been blocked or is identified as malicious, it’ll open a warning page instead of exposing your user to the potentially harmful link. A similar process takes place when a link is clicked within an Office document.

3. Office ATP for SharePoint, OneDrive, and Microsoft Teams

There are a number of organizations out there using SharePoint, OneDrive, and Microsoft Teams to collaborate with each other and share ideas. But how can you make sure that you’re doing so in a safe and secure manner? With Office 365 ATP, it’s possible!

Office 365 Advanced Threat Protection helps to detect and block potentially malicious files from your document libraries or team sites, locking the file and preventing anyone from accessing it once it’s been identified as malicious. Although it’ll still show in your site, the blocked file won’t be able to be opened, moved, copied, or shared (but you can delete it). Also, as of late May, these files are now included in a list of quarantined items, so members of your security team can download, release, report or delete them from the system.

It should be noted that ATP does not scan every single file in SharePoint, OneDrive, or Microsoft Teams – files are scanned asynchronously, using sharing and guest activity events in tandem with threat signals to identify malicious files.

4. Spoof Intelligence

You’ve most likely heard of instances where hackers or cybercriminals have used spoofing as a way to pretend they’re someone from your organization. However, there are legitimate times when spoofing is necessary. For instance, you have third-party vendors who are sending bulk mail on your behalf, or you’ve hired an assistant who needs to send emails from another person within your organization, or you’ve hired an external company to do lead generation, product updates, or send sales emails that look like they’re coming from you.

For these reasons, it’s important not to outright block all spoofing from your organization. But how do you make sure that these emails that are supposedly coming from your organization are, in fact, legitimately from your organization? More importantly, since spoofing is also a common way for phishers to determine user credentials, how do you make sure that those who are spoofing your domain for malicious purposes are stopped?

That’s where Spoof Intelligence comes in. Office 365 Advanced Threat Protection has built-in spoof protection that helps make sure the legitimate emails are sent, while shielding your organization from any malicious intent. In the Security & Compliance Centre on your Office 365 Admin portal, you can set up spoof filters that can determine the difference between legitimate activity and malicious activity. There, you can also review senders that are spoofing your domain and either block those senders from doing so, or allow them to continue, with just a few clicks of your mouse.

Learn more about Spoof Intelligence here.



5. Office ATP Anti-Phishing Capabilities in Office 365

Machine learning models and impersonation detection algorithms are two of the ways that Office 365 Advanced Threat Protection Anti-Phishing helps to keep your organization protected from potential spear-phishing attacks. Using the Anti-Phishing capabilities, your security team can set up Office 365 ATP’s Anti-Phishing to check all of your incoming messages for any indication that they could be phishing attempts.

How, you ask? Once your security team implements an ATP policy in your organization, anyone who’s covered by it will automatically have this feature enabled. When an email comes into your inbox, the message is evaluated by machine learning models that decide if it is a malicious email. If so, ATP will take the action that your security team has configured in your ATP policy.

These Anti-Phishing policies can be set for a specific group of people in your organization, or to an entire domain, or to every domain you own.


Office 365 Advanced Threat Protection in Action – A Brief Case Study

A brief case study for Office 365 Advanced Threat Protection Safe Links in action happened in ProServeIT’s organization just recently. One of our managers received an email supposedly coming from Microsoft with the header, “Action Required: Your Email Password Has Expired”. At first glance, the email looked legitimate, with Microsoft’s (mostly) correct logo and email template, all the correct-looking credentials, and an official-sounding tone to the email. In the email, there was a link to click on to update his credentials.

Noticing a few minor errors in the text of the email, and knowing that Microsoft doesn’t typically send emails requesting passwords, our manager did some digging and found that this was, indeed, a phishing attempt to steal his credentials.


Our manager sent the warning to the team at ProServeIT, and, as a teaching moment, he clicked on the link to show how ATP Safe Links works. This is the warning he received when he clicked on the link:

[Image: the ATP Safe Links warning page]

The point of this case study is, had our manager been an unsuspecting executive who was unfamiliar with the insidious ways that hackers work, he might have easily clicked on the link in this legitimate-looking email. And, without Office 365 ATP Safe Links flagging the website as malicious and alerting the unsuspecting manager to the potential danger, he would have proceeded to the website, where he would have been prompted to enter his credentials. This, in turn, would have given the hacker access to our company's environment, and allowed them to engage in their nefarious activities.


Let Office 365 Advanced Threat Protection Help You! Get Started Today!

So, the question is, do you want real-time protection against sophisticated attacks? Protection from unsafe attachments? Visibility into who might be targeting your organization and what kinds of attacks you might be facing? The ability to block links that are harmful to your users? Or determine what a phishing message is and be able to handle it before it becomes a problem?

All of these issues can be addressed by implementing Office 365 Advanced Threat Protection in your organization. Not sure where to begin and need a little help getting started? ProServeIT can help! Get in touch with us today and we’ll get you started with exploring your options.