Office 365 Advanced Threat Protection Service Description
Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing robust zero-day protection, and includes features to safeguard your organization from harmful links in real time. ATP has rich reporting and URL trace capabilities that give administrators insight into the kind of attacks happening in your organization.
The following are the primary ways you can use ATP for messaging protection:
In an Office 365 ATP filtering-only scenario, ATP provides cloud-based email protection for your on-premises Exchange Server 2013 environment, legacy Exchange Server versions, or any other on-premises SMTP email solution.
Office 365 ATP can be enabled to protect Exchange Online cloud-hosted mailboxes. To learn more about Exchange Online, see the Exchange Online Service Description.
In a hybrid deployment, ATP can be configured to protect your messaging environment and control mail routing when you have a mix of on-premises and cloud mailboxes with Exchange Online Protection for inbound email filtering.
Office 365 Advanced Threat Protection (ATP) availability
ATP is included in Office 365 Enterprise E5, Office 365 Education A5, and Microsoft 365 Business.
Client-dependent ATP features in Microsoft 365 Business will be available Summer 2018.
You can add ATP to the following Exchange and Office 365 subscription plans:
Exchange Online Plan 1
Exchange Online Plan 2
Exchange Online Kiosk
Exchange Online Protection
Office 365 Business Essentials
Office 365 Business Premium
Office 365 Enterprise E1
Office 365 Enterprise E3
Office 365 Enterprise F1
Office 365 A1
Office 365 A3
To buy Office 365 Advanced Threat Protection, see Office 365 Advanced Threat Protection.
To compare features across plans, see Compare Office 365 for Business plans.
What's new in Office 365 Advanced Threat Protection (ATP)
For information about new features in ATP, see ATP safe links in Office 365.
Requirements for Office 365 Advanced Threat Protection (ATP)
ATP can be used with any SMTP mail transfer agent, such as Microsoft Exchange Server 2013. For information about the operating systems, web browsers, and languages that are supported by ATP, see the "Supported browsers" and "Supported languages" sections in Exchange Admin Center in Exchange Online Protection.
Feature availability across Advanced Threat Protection (ATP) plans
Each feature is listed below. When Exchange Online is mentioned, it typically refers to the Office 365 Enterprise service family.
|Feature||ATP standalone||Exchange Online Protection|
|Advanced anti-phishing capabilities
Advanced Threat Protection (ATP) Capabilities
The ATP Safe Links feature proactively protects your users from malicious hyperlinks in a message. The protection remains every time they click the link, as malicious links are dynamically blocked while good links can be accessed.
Safe Attachments protects against unknown malware and viruses, and provides zero-day protection to safeguard your messaging system. All messages and attachments that don't have a known virus/malware signature are routed to a special environment where ATP uses a variety of machine learning and analysis techniques to detect malicious intent. If no suspicious activity is detected, the message is released for delivery to the mailbox.
Spoof intelligence detects when a sender appears to be sending mail on behalf of one or more user accounts within one of your organization's domains. It enables you to review all senders who are spoofing your domain, and then choose to allow the sender to continue or block the sender. Spoof intelligence is available in the Security & Compliance Center on the Anti-spam settings page.
Messages identified by the Office 365 service as spam, bulk mail, phishing mail, containing malware, or because they matched a mail flow rule can be sent to quarantine. By default, Office 365 sends phishing messages and messages containing malware directly to quarantine. Authorized users can review, delete, or manage email messages sent to quarantine.
Advanced anti-phishing capabilities
This feature uses machine learning models to detect phishing messages.