Office 365 Advanced Threat Protection

Important

This article is intended for business customers who have Office 365 Advanced Threat Protection. If you are using Outlook.com, Office 365 Home, or Office 365 Personal, and you're looking for information about Safe Links or Safe Attachments in Outlook, see Advanced Outlook.com security for Office 365 subscribers.

Overview

Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. ATP includes:

Office 365 ATP Plan 1 and Plan 2

The following table summarizes what's included in each plan.

Office 365 ATP Plan 1 Office 365 ATP Plan 2
Configuration, protection, and detection capabilities:
- Safe Attachments
- Safe Links
- ATP for SharePoint, OneDrive, and Microsoft Teams
- Advanced antiphishing protection
- Real-time detections
Office 365 ATP Plan 1 capabilities
--- plus ---
Automation, investigation, remediation, and education capabilities:
- Threat Trackers
- Threat Explorer
- Automated investigation and response
- Attack Simulator
  • Office 365 ATP Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5.

  • Office 365 ATP Plan 1 is included in Microsoft 365 Business.

  • Office 365 ATP Plan 1 and Office 365 ATP Plan 2 are each available as an add-on for certain subscriptions. To learn more, see Feature availability across ATP plans.

  • If your current subscription does not include Office 365 ATP, contact sales to start a trial, and see how ATP can work for your organization.

Tip

Do you have Microsoft 365 E5 or Microsoft 365 E3 together with Identity & Threat Protection? Consider trying Microsoft Threat Protection.

Configure ATP policies

With Office 365 ATP, your organization's security team can configure protection by defining policies in the Office 365 Security & Compliance Center (Go to https://protection.office.com > Threat management > Policy.)

Tip

For a quick list of policies to define, see Protect against threats.

The policies that are defined for your organization determine the behavior and protection level for predefined threats. Policy options are extremely flexible. For example, your organization's security team can set fine-grained threat protection at the user, organization, recipient, and domain level. It is important to review your policies regularly because new threats and challenges emerge daily.

View Office 365 ATP reports

Office 365 ATP includes an advanced reporting dashboard to monitor your ATP performance. You can access it at Reports > Dashboard in the Security & Compliance Center.

Reports update in real-time, providing you with the latest insights. These reports also provide recommendations and alert you to imminent threats. Predefined reports include the following:

Use threat investigation and response capabilities

Office 365 ATP Plan 2 includes best-of-class threat investigation and response tools that enable your organization's security team to anticipate, understand, and prevent malicious attacks.

Save time with automated investigation and response

(NEW!) When you are investigating a potential cyberattack, time is of the essence. The sooner you can identify and mitigate threats, the better off your organization will be. Automated investigation and response (AIR) capabilities include a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually, such as from a view in Explorer. AIR can save your security operations team time and effort in mitigating threats effectively and efficiently. To learn more, see AIR in Office 365.

Permissions required to use ATP features

To access ATP features in the Security & Compliance Center, you must be assigned an appropriate role. The following table includes some examples:

Role or role group Resources to learn more
Office 365 Global Administrator (this can be assigned in either Azure Active Directory or in the Office 365 Security & Compliance Center) About Office 365 admin roles
Security Administrator (this can be assigned in either Azure Active Directory or the Office 365 Security & Compliance Center) Administrator role permissions in Azure Active Directory

Permissions in the Security & Compliance Center
Exchange Online Organization Management (this is assigned in Exchange Online) Permissions in Exchange Online

Exchange Online PowerShell
Search and Purge (this is assigned only in the Office 365 Security & Compliance Center) [Permissions in the Security & Compliance Center](permissions-in-the-security-and-compliance-center.md

For more information, see Permissions in the Security & Compliance Center.

Get Office 365 ATP

Office 365 ATP is included in certain subscriptions, such as Microsoft 365 E5, Office 365 E5, Office 365 A5, and Microsoft 365 Business. If your subscription does not include Office 365 ATP, you can purchase ATP Plan 1 or ATP Plan 2 as an add-on to certain subscriptions. To learn more, see the following resources:

New features in Office 365 ATP

New features are added to Office 365 ATP continually. To learn more, see the following resources:

See also