Office 365’s Advanced Threat Protection helps protect your organization from malicious attacks. This tool can be used to harden your 365 environment and decrease the likelihood of spam and phishing attacks. In this article, I am going to cover the main features and then give you a step-by-step guide on configuration.

Main Features

  • When an ATP Safe Attachments policy is in place and someone covered by that policy views their email in Office 365, their email attachments are checked and appropriate actions are taken, based on your ATP Safe Attachments policies.
  • Depending on how your policies are defined, people can continue working without ever knowing they were sent malicious files.
  • Beginning in March 2018, ATP protection is being extended to files in SharePoint Online, OneDrive for Business, and Microsoft Teams.
  • Review all senders who are spoofing either domains that are part of your organization, or spoofing external domains. 
  • Each spoofed user is displayed in a separate row so that you can choose whether to allow or block the sender from spoofing each user individually.
  • Mailbox intelligence analyzes your cloud-based users’ mail flow patterns to determine which contacts they communicate with most often. This helps us more easily identify when an email message might be from an attacker who’s impersonating one of those contacts.

Advanced Reporting

The Security and Compliance Center comes with reports on malware, phishing, spam and much more that you can analyze to see how your policies are functioning.

Licensing Requirements

Here are the subscriptions that include this plan:

  • Office 365 Enterprise E5 $35 MSRP
  • Office 365 Enterprise E5 Government $35 MSRP
  • ATP Add-On $2 MSRP
  • Microsoft 365 Business $20 MSRP

Implementation Steps

In this section, I am going to go over how to implement Safe Attachments and Safe Links, as they aren’t turned on by default.

Safe Attachments

Go to Policies

In the Security and Compliance Center, go to Threat Management > Policy.

Click ATP Safe Attachments

Click on the ATP Safe Attachments Icon

Turn on for Apps

Checkmark the box next to “Turn on ATP for SharePoint, OneDrive, and Microsoft Teams”

New Policy

Click the + icon to set up a new policy

Adjust Settings

You have the option to select what action to take when malware is detected. The options to choose from are Off, Monitor, Block, Replace, and Dynamic Delivery. All of these options will slow mail flow except for Dynamic Delivery. The Dynamic Delivery option sends the mail immediately and replaces the attachment with a placeholder file until the scan is complete. For a more detailed explanation of these options, please follow this support article.

Redirect

You can also choose to redirect the attachment to another email address, such as an admin or quarantine mailbox. Lastly, as you will notice above, you can apply this policy to specific groups or domains.
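The same Safe Attachments setup can be scripted and then audited from Exchange Online PowerShell. This is an added example, not part of the original walkthrough: it assumes the ExchangeOnlineManagement module with a session already opened by Connect-ExchangeOnline, and that your tenant still accepts the option combinations described above. The policy name, mailbox and domain are placeholders.

```powershell
# Added example. Placeholder values below are hypothetical; replace them with your own.
$PolicyName   = 'Example Safe Attachments Policy'
$RuleName     = "$PolicyName Rule"
$RedirectTo   = 'quarantine@contoso.example'
$ScopeDomains = @('contoso.example')

# Equivalent of "Turn on ATP for SharePoint, OneDrive, and Microsoft Teams".
Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true

# Dynamic Delivery, with detected attachments redirected to a review mailbox.
$settings = @{
    Enable          = $true
    Action          = 'DynamicDelivery'
    Redirect        = $true
    RedirectAddress = $RedirectTo
}

# Create the policy on the first run and update it on later runs,
# so the script can be re-applied to correct configuration drift.
if (Get-SafeAttachmentPolicy | Where-Object Name -eq $PolicyName) {
    Set-SafeAttachmentPolicy -Identity $PolicyName @settings
} else {
    New-SafeAttachmentPolicy -Name $PolicyName @settings
}

# A policy does nothing until a rule says who it applies to.
if (-not (Get-SafeAttachmentRule | Where-Object Name -eq $RuleName)) {
    New-SafeAttachmentRule -Name $RuleName -SafeAttachmentPolicy $PolicyName `
        -RecipientDomainIs $ScopeDomains
}

# Audit every Safe Attachments policy and flag weak settings.
# In PowerShell, the "Monitor" option is Action 'Allow' and "Off" is Enable $false.
Get-SafeAttachmentPolicy |
    Select-Object Name, Enable, Action, Redirect, RedirectAddress,
        @{ Name = 'Review'; Expression = {
            if (-not $_.Enable)            { 'Off: attachments are not scanned' }
            elseif ($_.Action -eq 'Allow') { 'Monitor: detected malware is still delivered' }
            elseif (-not $_.Redirect)      { 'No redirect: detections are not sent for review' }
            else                           { 'OK' }
        } } |
    Format-Table -AutoSize
```

Running the audit section on its own is a quick way to confirm that no policy was left at Off or Monitor after testing.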

Safe Links

Policy

In the Security and Compliance Center, go to Threat Management > Policy.

Safe Attachments

Click on the ATP Safe Attachments Icon

Default

Here you can click on the Default Policy to see its settings. You will notice that by default, nothing is turned on:

Add

The first thing we can do here is add an asterisk as a wildcard so that URLs start getting scanned for malicious content.

Checkmark

We can also checkmark the box for using Safe Links in Office 365 ProPlus and Office for iOS/Android.

New Policy

The other option is to scroll down and create a new Safe Links policy.

Customize

Here we can give a new name to the policy. I recommend checkmarking all of the fields, but you can customize them to fit your organizational needs:

Whitelist

Additionally, you can whitelist certain URLs and define the domains, groups, or users this policy applies to.

Summary

After you click Save, you can see a summary on the right-hand side.

Live

After the policy is in place, the ATP Safe Links feature immediately checks the URL a user clicks on before opening the website. The URL is identified as blocked, malicious, or safe.

Functionality

If the URL is to a website that is included in the whitelisted URLs list for a policy that applies to the user, the website opens. If the URL is to a website that is included in the organization's custom blocked URLs list, or to a website determined to be malicious, a warning page opens.

Functionality

If the URL goes to a downloadable file and your organization's ATP Safe Links policies are configured to scan such content, the downloadable file is checked. If the URL is determined to be safe, the website opens.
