With the increased threats posted by ever changing attacks from viruses to malware to phishing to spoofing, protection has never been more important.
To help prevent threats from even reaching your premises, Microsoft has added a feature to Office 365 called Advanced Threat Protection.
Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing robust zero-day protection and includes features to safeguard your organization from harmful links in real time. ATP has rich reporting and URL trace capabilities that give administrators insight into the kind of attacks happening in your organization.
ATP is included in Office 365 Enterprise E5, Office 365 Education A5, and Microsoft 365 Business. If you have any other Office 365 subscription plans, you can add ATP to your subscription for $2 per user per month.
If you are still using an on-premises Exchange Server, as long as you are on Exchange 2013 or newer, you can also add Office 365 ATP as a service to provide cloud-based filtering prior to the email hitting your server.
Microsoft’s Advanced Threat Protection (ATP) Capabilities
The ATP Safe Links feature proactively protects your users from malicious hyperlinks in a message. The protection remains every time they click the link, as malicious links are dynamically blocked while good links can be accessed.
Safe Attachments protects against unknown malware and viruses and provides zero-day protection to safeguard your messaging system. All messages and attachments that don’t have a known virus/malware signature are routed to a special environment where ATP uses a variety of machine learning and analysis techniques to detect malicious intent. If no suspicious activity is detected, the message is released for delivery to the mailbox.
Spoof intelligence detects when a sender appears to be sending mail on behalf of one or more user accounts within one of your organization's domains. It enables you to review all senders who are spoofing your domain, and then choose to allow the sender to continue or block the sender. Spoof intelligence is available in the Security & Compliance Center on the Anti-spam settings page.
Messages identified by the Office 365 service as spam, bulk mail, phishing mail, containing malware, or because they matched a mail flow rule can be sent to quarantine. By default, Office 365 sends phishing messages and messages containing malware directly to quarantine. Authorized users can review, delete, or manage email messages sent to quarantine.
Advanced anti-phishing capabilities
This feature uses machine learning models to detect phishing messages.