3/6/2018 published by: Softeng

Office 365 Advance Threat Protection

Email is one of the preferred ways for cybercriminals to introduce malware into computers through attachments or links to malicious websites. These threats are masked in mails of false offers of employment, notifications of fines, alerts of overdue payments and even come from affected senders that are of our confidence. In short, falling into the trap of these attacks is very simple .

Advanced protection with Office 365

Office 365 already provides companies with basic security measures that protect email against spam, malware and known viruses. However, as hackers launch increasingly sophisticated and damaging attacks, companies need new tools capable of neutralizing them. For this, Microsoft offers Office 365 Advanced Threat Protection (ATP) , a tool that enriches the security of the platform providing protection against advanced threats.

What is Office 365 ATP?

Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your mailboxes against any kind of sophisticated attack and offers an immediate response to zero-day attacks ( Attack exploits an unknown vulnerability ). Also, a few days ago Microsoft announced that it extends the advanced protection against file attacks from SharePoint Online, OneDrive for the company and Microsoft Teams. In this article, we will discuss each of the capabilities included in this powerful Office 365 security solution.


Office 365 Advance Threat Protection Protection against unsecured attachments
Office 365 Advance Threat Protection ATP includes two protection features, Safe Attachments and Dynamic Delivery. With Safe Attachments , attachments undergo real-time malware behavior analysis that uses machine learning techniques to evaluate them for suspicious activity. If no suspicious activity is detected, the file is released for delivery with a minimum delay time.

Dynamic Delivery , allows the user to read and reply to the email while his / her attachment is being scanned, thus avoiding the user's productivity penalty. The service delivers the mail to the recipient with a message indicating that the attached file and its progress are being scanned.

Microsoft is working on a new Dynamic Delivery functionality that will show a preview of the file it is scanning, further minimizing work interruptions for the user.


Office 365 Advance Threat Protection Protection against malicious links
Office 365 security tools scan messages in transit, blocking any malicious hyperlinks before the user can click. However, in the most advanced attacks these malicious urls are hidden in seemingly secure links that reach the recipient. For this, ATP has two features, Safe Links and Url detonation , which act when the user clicks on the link, performing a reputation check and link analysis in real time, blocking the link if it is malicious.

The links of malicious links are applied to the links included in the body of a message and those included in Office documents, such as Word, Excel, PowerPoint and Visio.

When the user clicks on a malicious URL, ATP automatically begins the scan, showing the user screens that inform about the situation. The protection of that link remains, blocking it every time the user clicks.

Office 365 Advance Threat Protection

Protege tu correo de empresa con Office 365 Advance Threat Protection

Protection against identity theft (Anti-Phishing)
New functionality that protects us from phishing attacks that come from people that we know a priori but in reality they are not the ones who sent us the mail (this is what is called attack based on impersonation ). This type of phishing attacks are extremely dangerous because the recipient, when the mail comes "theoretically" from who looks like a member of their organization, usually trust and easily fall into deception. If our domains are well configured, an impersonation using exactly our domain should not be possible, but Office 365 ATP intercepts as impersonation attempts also those senders who are not correct, they confuse to be very similar (For example, we receive an email from a sender "zperez@softegn.es", when in reality, if this user existed, it would be "zperez@softeng.es".

Once activated this new advanced functionality (the policy is not activated by default ), automatically the system gradually learns how each user communicates with others inside and outside the organization, applying predictive artificial intelligence and finally protecting all users with Office 365 ATP license (even up to 20 external addresses).

 Office 365 Advance Threat Protection Get advanced reports and track message links
ATP offers extensive information and tracking capabilities that provide managers with an insight into the type of attacks that are occurring in the company with information on who is the target in your company, the malware and spam sent or received in the company and the category of the attacks you face .

Advanced reports allow you to investigate messages that were blocked due to an unknown virus or malware:

Office 365 Advance Threat Protection

The URL tracking feature allows you to perform an analysis of malicious links that have been clicked:

Office 365 Advance Threat Protection

Protege tu correo de empresa con Office 365 Advance Threat Protection Collaborate more safely

The ability of advanced protection for files that are shared from SharePoint Online, OneDrive for the company and Microsoft Teams offers companies a safer way to work, I m asking users to open or download malicious files.


How to acquire Office 365 Advanced Threat Protection?

ATP is included in the Office 365 Enterprise E5 version and can be added to the following Office 365 plans that have an email license, namely:

  • Exchange Online Plan 1 and plan 2
  • Exchange Online Kiosk
  • Exchange Online Protection
  • Office 365 Essentials
  • Office 365 Premium company
  • Office 365 Enterprise E1 and E3
  • Office 365 Enteprise K1

From Softeng we offer you our experience and our services to help you draw and agree on the most appropriate strategy to implement security solutions in the cloud that ensure the continuity of your business .

You want to know more? Contact us to discover how to protect your company!

Yes, I want to know more!



<< back to blog

Do you want to receive the items in your mailbox?

Suscripciones al Blog Rss Blog