Office 365 Advanced Threat Protection

Overview

Office 365 Advanced Threat Protection (ATP) helps to protect your organization from malicious attacks by:

Protection through Office 365 ATP is determined by policies that your organization's security team defines for Safe Links, Safe Attachments, and Anti-Phishing. It's important to periodically review and revise your policies to keep them up to date and to take advantages of new features that are added to the service. Reports are available to show how ATP is working for your organization. These reports can also show you areas where you might need to review and update your policies. And, if you have files that are marked as malware that shouldn't be, or files you'd like Microsoft to examine, you can submit a file to Microsoft for analysis.

New features are continually being added to ATP

We are continuing to add new features to Office 365, and that includes ATP. Below is a list of several new features, some of which call for an ATP policy to be reviewed and updated. To learn more about new features coming to ATP (or Microsoft 365 in general), visit the Microsoft 365 Roadmap.

  • Beginning in late October 2017, ATP Safe Links protection is extended to apply to URLs in email as well as URLs in Office 365 ProPlus documents, such as Word, Excel, PowerPoint, and Visio on Windows, as well as Office apps on iOS and Android devices. (Make sure you're using Modern Authentication for Office.)

  • Beginning in March 2018, ATP Safe Links protection is extended to apply to email sent between people within an organization. (Make sure to review and edit your ATP Safe Links policies.)

  • Beginning in late May 2018, quarantine capabilities in the Security & Compliance Center are being extended to ATP for SharePoint Online, OneDrive for Business, and Microsoft Teams.

  • Beginning in the second half of 2018, ATP Safe Links protection is extended to apply to URLs in Office Online (Word Online, Excel Online, PowerPoint Online, and OneNote Online) and Office 365 ProPlus on Mac. (Make sure to review and edit your ATP Safe Links policies.)

  • Beginning in September 2018, Office 365 ATP warning pages feature a new color scheme, more details, and the ability to continue to a site despite given warnings and recommendations.

  • Beginning in October 2018 and rolling out over the next several months, when people are using Outlook Web Application (OWA) or Outlook, ATP Safe Links renders original URLs, not rewritten URLs. (We call this native link visibility.)

Get Office 365 ATP

Important

Office 365 ATP is included in subscriptions, such as Microsoft 365 Enterprise, Office 365 Enterprise E5, Office 365 Education A5, and Microsoft 365 Business. If your organization has an Office 365 subscription that does not include Office 365 ATP, you can potentially purchase ATP as an add-on. For more information, see Office 365 Advanced Threat Protection Service Description.

  1. As a global or security administrator, go to https://portal.office.com and sign in with your work or school account for Office 365.

  2. Choose Admin > Billing to see what your current subscription includes.
    As a global admin, sign in at portal.office.com and go to Admin > Billing

  3. If you see Office 365 Enterprise E5, Office 365 Education A5, or Microsoft 365 Business, then your organization has ATP.
    If you see a different subscription, such as Office 365 Enterprise E3 or Office 365 Enterprise E1, consider adding ATP. To do that, choose + Add subscription.

Once you have ATP, the next step is for your security team to define policies.

Define policies for ATP

See how ATP is working by viewing reports

After your ATP policies are in place, reports are available to show how the service is working.

The Security & Compliance Center dashboard can help you see where Advanced Threat Protection is working

  1. Make sure that you are an Office 365 global administrator, security administrator, or security reader. (See Permissions in the Office 365 Security & Compliance Center.)

  2. View reports for Advanced Threat Protection.

  3. If needed, make adjustments to your security policies. See the following resources:

Submit a suspicious file to Microsoft for analysis