Office 365 Advanced Threat Protection

Important

This article is intended for Office 365 Enterprise and Microsoft 365 Enterprise customers. If you are using Outlook.com, Office 365 Home, or Office 365 Personal, and you're looking for information about Safe Links in Outlook, see Advanced Outlook.com security.

Overview

Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. ATP includes:

Office 365 ATP Plan 1 and Plan 2

ATP is included in Office 365 E5; however, ATP Plan 1 and ATP Plan 2 are each available as an add-on for certain subscriptions. To learn more, see Feature availability across ATP plans.

Configure ATP policies

Office 365 ATP provides numerous tools to set an appropriate level of protection for your organization.

Your organization's security team must define policies for each ATP tool in the Office 365 Security & Compliance Center. Go to Threat management > Policy to access policy options. (To get some help with this, see Quick Start Guide: Set up Office 365 Advanced Threat Protection.)

The policies that are defined for your organization determine the behavior and protection level for predefined threats. Policy options are extremely flexible. For example, your organization's security team can set fine-grained threat protection at the user, organization, recipient, and domain level. It is important to review your policies regularly because new threats and challenges emerge daily.

View ATP reports

Office 365 ATP includes an advanced reporting dashboard to monitor your ATP performance. You can access it at Reports > Dashboard in the Security & Compliance Center.

Reports update in real time, providing you with the latest insights. These reports also provide recommendations and alert you to imminent threats. Predefined reports include the following:

Use threat investigation and response capabilities

Office 365 ATP Plan 2 includes best-of-class threat investigation and response tools that enable your organization's security team to anticipate, understand, and prevent malicious attacks.

Save time with automated investigation and response

(NEW!) When you are investigating a potential cyber attack, time is of the essence. The sooner you can identify and mitigate threats, the better off your organization will be. Office 365 ATP Plan 2 will now include automated investigation and response (AIR) capabilities. (If you don't have these capabilities yet, you'll have them soon with ATP Plan 2.)

AIR includes a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually, such as from a view in Explorer. AIR can save your security operations team time and effort in mitigating threats effectively and efficiently. To learn more, see Automated Investigation and Response (AIR) with Office 365.

Permissions required to use ATP features

To access ATP features in the Security & Compliance Center, you must be assigned an appropriate role. The following table includes some examples:

Role or role group | Resources to learn more
Office 365 Global Administrator | About Office 365 admin roles
Security Administrator | Administrator role permissions in Azure Active Directory
Exchange Online Organization Management | Permissions in Exchange Online and Exchange Online PowerShell

For more information, see:

Get Office 365 ATP

Office 365 ATP Plan 2 is included in Office 365 Enterprise E5, Office 365 Education A5, and Microsoft 365 Business. If your subscription does not include Office 365 ATP, you can purchase ATP Plan 1 or ATP Plan 2 as an add-on to certain subscriptions. To learn more, see the following resources:

New features in Office 365 ATP

New features are added to Office 365 ATP continually. To learn more, see the following resources: