Office365 Advanced Threat Protection

Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organisation against unknown malware and viruses by providing robust zero-day protection, and includes features to safeguard your organisation from harmful links in real time. ATP has rich reporting and URL trace capabilities that give administrators insight into the kind of attacks happening in your organisation.

Features

In an Office 365 ATP filtering-only scenario, ATP provides cloud-based email protection for your on-premises Exchange Server environment or any other on-premises SMTP email solution.

Office 365 ATP can be enabled to protect Exchange Online cloud-hosted mailboxes. To learn more about Exchange Online, see the Exchange Online service description.

ATP Safe Attachments protects against unknown malware and viruses, and provides zero-day protection to safeguard your messaging system. All messages and attachments that don't have a known virus/malware signature are routed to a special environment where ATP uses a variety of machine learning and analysis techniques to detect malicious intent. If no suspicious activity is detected, the message is released for delivery to the mailbox.

The ATP Safe Links feature proactively protects your users from malicious URLs in a message or in an Office document. The protection remains every time they select the link, as malicious links are dynamically blocked while good links can be accessed.

ATP anti-phishing checks incoming messages for indicators that a message might be a phishing attempt. When users are covered by ATP policies (Safe Attachments, Safe Links, or anti-phishing), incoming messages are evaluated by multiple machine learning models that analyse messages and the appropriate action is taken, based on the configured policies.

Automated incident response (AIR) capabilities available in Office 365 ATP Plan 2 enable you to run automated investigation processes in response to well-known threats that exist today. By automated certain investigation tasks, your security operations team can operate more efficiently and effectively. Remediation actions, such as deleting malicious email messages, are taken upon approval by your security operations team.

Attack Simulator lets authorised users run realistic attack scenarios in your organisation. Several different kinds of attacks are available, including a display name spear-phishing attack, a password-spray attack, and a brute-force password attack.

In a hybrid deployment, ATP can be configured to protect your messaging environment and control mail routing when you have a mix of on-premises and cloud mailboxes with Exchange Online Protection for inbound email filtering.