4/18/2018 published by: Softeng

Office 365 Advanced Threat Protection

Email is one of cybercriminals' preferred ways to introduce malware into computers, through attachments or links to malicious websites. These threats are disguised as fake job offers, notifications of fines or overdue-payment alerts, and can even come from compromised senders that we trust. In short, falling into the trap of these attacks is very easy.

Advanced protection with Office 365

Office 365 already provides businesses with basic security measures that protect email against spam, malware and known viruses. However, as hackers launch increasingly sophisticated and damaging attacks, companies need new tools capable of neutralizing them. To this end, Microsoft offers Office 365 Advanced Threat Protection (ATP), a tool that strengthens the security of the platform by providing protection against advanced threats.

What is Office 365 ATP?

Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your mailboxes from any kind of sophisticated attack and offers an immediate response to zero-day attacks (attacks that exploit an unknown vulnerability). In addition, Microsoft announced that it is extending this advanced protection to files in SharePoint Online, OneDrive for Business and Microsoft Teams. In this article, we will discuss each of the capabilities included in this powerful Office 365 security solution.


Protection against unsafe attachments
ATP includes two protection features, Safe Attachments and Dynamic Delivery. With Safe Attachments, attachments undergo real-time malware behavior analysis that uses machine learning techniques to evaluate them for suspicious activity. If no suspicious activity is detected, the file is released for delivery with minimal delay.

Dynamic Delivery allows the user to read and reply to the email while its attachment is being scanned, so the user's productivity is not penalized. The service delivers the mail to the recipient with a message indicating that the attached file is being scanned, along with the progress of the scan.

Microsoft is working on a new Dynamic Delivery functionality that will show a preview of the file it is scanning, further minimizing work interruptions for the user.


Protection against malicious links
Office 365 security tools scan messages in transit, blocking any malicious hyperlinks before the user can click. However, in the most advanced attacks these malicious URLs are hidden behind seemingly safe links that reach the recipient, and even the most perceptive user can fall victim to them.


Generic email that includes several malicious links hidden behind seemingly safe links.

To deal with these malicious techniques, ATP has two features, Safe Links and URL detonation, which act when the user clicks on the link, performing a reputation check and an analysis of the link in real time and blocking the link if it is malicious.

When the user clicks on a malicious URL, ATP automatically starts the scan and shows the user screens that explain the situation. The protection of that link remains in place, blocking it every time the user clicks.



Microsoft has taken a big step in Office 365 ATP protection coverage by adding the Internal Safe Links functionality. This capability protects users from malicious links sent between people of the same organization.

Internal Safe Links acts the same as Safe Links: when a user clicks on a link, the tool analyzes it in real time and blocks it if it is malicious. This functionality addresses the scenarios in which someone impersonates the identity of a person in our organization, also preventing the emails from leaving.

    Protection against identity theft (Anti-Phishing)
    New functionality that protects us from phishing attacks that appear to come from people we know but were not actually sent by them (this is called an impersonation-based attack). This type of phishing attack is extremely dangerous because the recipient, seeing mail that "theoretically" comes from someone who looks like a member of their organization, usually trusts it and is easily deceived. If our domains are well configured, an impersonation using exactly our domain should not be possible, but Office 365 ATP also intercepts as impersonation attempts those senders whose address is not the correct one but is similar enough to be confused with it. For example, we receive an email from a sender "zperez@softegn.es" when in reality, if this user existed, it would be "zperez@softeng.es".

    Once this new advanced functionality is activated (the policy is not activated by default), the system gradually and automatically learns how each user communicates with others inside and outside the organization, applying predictive artificial intelligence and ultimately protecting all users with an Office 365 ATP license.


    Protection against spoofed emails from external domains (Anti-Spoofing)
    This new capability helps detect and block spoofed emails from external domains. Spoofing is a malicious phishing technique that occurs when an email message originates from someone who is not who they say they are.

    To combat this type of attack, Office 365 ATP includes a system capable of detecting spoofed emails through:

    • Detection of the security configuration of the source domain: By activating this functionality, Office 365 will only accept emails that come from domains that are not vulnerable to being spoofed. Specifically, for each new email that arrives at our company, it checks that the domain of the sender has the correct security configuration*, guaranteeing that it has been sent from an account that really belongs to that domain. Otherwise, if we receive emails that come from domains without these protocols properly configured, Office 365 ATP blocks these emails, preventing them from reaching our users.

      * SPF, DMARC and DKIM are the standard email authentication protocols that help protect against spam and phishing.

    • Reputation filters: Check the safe senders lists and the history of previous messages sent from that domain.
    • Abnormal patterns: Check for anomalies in patterns compared to previous messages sent from that domain.
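
How the outcome of the SPF, DKIM and DMARC checks can be read from a received message, as an added example (not code from Softeng or Microsoft). It assumes the receiving server records its results in an RFC 8601 `Authentication-Results` header; the server name `mx.example.net`, the sample messages and the deliver/quarantine policy are constructed for illustration.

```python
"""Read SPF/DKIM/DMARC verdicts from a message's Authentication-Results header."""
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV_ID = "mx.example.net"  # assumed name of our own receiving server

# Constructed sample messages (not real mail); header layout follows RFC 8601.
AUTHENTICATED = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=softeng.es;
 dkim=pass header.d=softeng.es; dmarc=pass header.from=softeng.es
From: Z Perez <zperez@softeng.es>

body
"""
SPOOFED = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=softeng.es;
 dkim=none; dmarc=fail header.from=softeng.es
From: Z Perez <zperez@softeng.es>

body
"""

METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)


def auth_results(raw_message: str) -> dict:
    """Return the From domain and the spf/dkim/dmarc results we can trust."""
    msg = message_from_string(raw_message)
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    address = parseaddr(msg.get("From", ""))[1]
    results["from_domain"] = address.rsplit("@", 1)[-1].lower()
    # Read only the topmost header, and only if our own server wrote it:
    # a sender can put any Authentication-Results text into the mail it submits.
    header = msg.get("Authentication-Results", "")
    authserv_id, _, body = header.partition(";")
    if authserv_id.lower().split()[:1] == [TRUSTED_AUTHSERV_ID]:
        for method, result in METHOD_RE.findall(body):
            results[method.lower()] = result.lower()
    return results


def verdict(raw_message: str) -> str:
    """Assumed policy: deliver on DMARC pass, quarantine everything else."""
    return "deliver" if auth_results(raw_message)["dmarc"] == "pass" else "quarantine"
```

Both sample messages show the same From address; only the recorded authentication results tell them apart.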

    Get advanced reports and track message links
    ATP offers extensive reporting and tracking capabilities that give managers insight into the types of attacks occurring in the organization, with information on who is being targeted in your company, the malware and spam sent or received in the company, and the category of attacks you are facing.

    Advanced reports allow you to investigate messages that were blocked due to an unknown virus or malware:


    The URL tracking function allows an analysis of the links that users have clicked on, also showing the blocked ones:


    Collaborate more securely

    Advanced protection for files shared from SharePoint Online, OneDrive for Business and Microsoft Teams offers companies a safer way to work, preventing users from opening or downloading malicious files.


    How to get Office 365 Advanced Threat Protection?

    ATP offers two plans:

    Office 365 ATP Plan 1: It is included in the Office 365 Enterprise E5 version and can be added to the following Office 365 plans that have an email license, specifically:

    • Exchange Online Plan 1 and plan 2
    • Exchange Online Kiosk
    • Exchange Online Protection
    • Office 365 Essentials
    • Office 365 Business Premium
    • Office 365 Enterprise E1 and E3
    • Office 365 Enterprise K1

    Office 365 ATP Plan 2: This plan combines all the capabilities of ATP Plan 1 plus the Office 365 Threat Intelligence solution. It is included in Microsoft 365 Enterprise E5 and Office 365 Enterprise E5.

    At Softeng, we offer our experience and services to help you design and agree on the most appropriate strategy for implementing cloud security solutions that ensure the continuity of your business.

    Want to know more? Contact us to discover how to protect your company!
