Office 365 Advanced Threat Protection
Office 365 Advanced Threat Protection (ATP) helps to protect your organization from malicious attacks by:
Scanning email attachments for malware with ATP Safe Attachments
Scanning web addresses (URLs) in email messages and Office documents with ATP Safe Links
Identifying and blocking malicious files in online libraries with ATP for SharePoint, OneDrive, and Microsoft Teams
Checking email messages for unauthorized spoofing with spoof intelligence
Detecting when someone attempts to impersonate your users and your organization's custom domains with ATP anti-phishing capabilities in Office 365
Protection through Office 365 ATP is determined by policies that your organization's security team defines for Safe Links, Safe Attachments, and Anti-Phishing. It's important to periodically review and revise your policies to keep them up to date and to take advantages of new features that are added to the service. Reports are available to show how ATP is working for your organization. These reports can also show you areas where you might need to review and update your policies. And, if you have files that are marked as malware that shouldn't be, or files you'd like Microsoft to examine, you can submit a file to Microsoft for analysis.
Get Office 365 ATP
Office 365 ATP is included in subscriptions, such as Microsoft 365 Enterprise, Office 365 Enterprise E5, Office 365 Education A5, and Microsoft 365 Business. If your organization has an Office 365 subscription that does not include Office 365 ATP, you can potentially purchase ATP as an add-on. For more information, see Office 365 Advanced Threat Protection Service Description.
As a global or security administrator, go to https://portal.office.com and sign in with your work or school account for Office 365.
Choose Admin > Billing to see what your current subscription includes.
If you see Office 365 Enterprise E5, Office 365 Education A5, or Microsoft 365 Business, then your organization has ATP.
If you see a different subscription, such as Office 365 Enterprise E3 or Office 365 Enterprise E1, consider adding ATP. To do that, choose + Add subscription.
Once you have ATP, the next step is for your security team to define policies.
Define policies for ATP
Set up ATP anti-phishing policies in Office 365 including impersonation-based attacks to protect against attackers who send email messages that appear to be from trusted people or domains
See how ATP is working by viewing reports
After your ATP policies are in place, reports are available to show how the service is working.
Make sure that you are an Office 365 global administrator, security administrator, or security reader. (See Permissions in the Office 365 Security & Compliance Center.)
If needed, make adjustments to your security policies. See the following resources:
Submit a suspicious file to Microsoft for analysis
If you get a file that you suspect could be malware, you can submit that file to Microsoft for analysis. Visit the Windows Defender Security Intelligence submission portal.
If you get an email message (with or without an attachment) that you'd like to submit to Microsoft for analysis, use the Report Message add-in.