Office 365 Advanced Threat Protection


This article is intended for Office 365 Enterprise customers. If you are using, Office 365 Home, or Office 365 Personal, and you're looking for information about Safe Links in Outlook, see Advanced security.


Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. ATP includes:

  • Threat protection policies: Define threat-protection policies to set the appropriate level of protection for your organization.

  • Reports: View real-time reports to monitor ATP performance in your organization.

  • Threat intelligence capabilities: Utilize leading-edge tools to investigate, understand, simulate, and prevent threats.

Configure ATP policies

Office 365 ATP provides numerous tools to set an appropriate level of protection for your organization.

Your organization's security team must define policies for each ATP tool in the Office 365 Security & Compliance Center. Go to Threat management > Policy to access policy options.

The policies that are defined for your organization determine the behavior and protection level for predefined threats. Policy options are extremely flexible. For example, your organization's security team can set fine-grained threat protection at the user, organization, recipient, and domain level. It is important to review your policies regularly because new threats and challenges emerge daily.

View ATP reports

Office 365 ATP includes an advanced reporting dashboard to monitor your ATP performance. You can access it at Reports > Dashboard in the Security & Compliance Center.

Reports update in real-time, providing you with the latest insights. These reports also provide recommendations and alert you to imminent threats. Predefined reports include the Threat Protection Status report, ATP File Types report, ATP Message Disposition report and more.

Utilize threat intelligence capabilities

Office 365 ATP includes best-of-class threat intelligence tools that enable your organization's security team to anticipate, understand, and prevent malicious attacks.

Permissions required to use ATP features

To access ATP features in the Security & Compliance Center, you must be assigned an appropriate role. The following table includes some examples:

Role or role group Resources to learn more
Office 365 Global Administrator About Office 365 admin roles
Security Administrator Administrator role permissions in Azure Active Directory
Exchange Online Organization Management Permissions in Exchange Online
Exchange Online PowerShell

See also:

Get Office 365 ATP

Office 365 ATP is included in Office 365 Enterprise E5, Office 365 Education A5, and Microsoft 365 Business. If your subscription does not include Office 365 ATP, you can potentially purchase ATP as an add-on. To learn more, see the following resources:

New features in Office 365 ATP

New features are added to Office 365 ATP continually. To learn more, see the following resources: