Office 365 Advanced Threat Protection service description

Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing robust zero-day protection, and includes features to safeguard your organization from harmful links in real time. ATP has rich reporting and URL trace capabilities that give administrators insight into the kind of attacks happening in your organization.

The following are the primary ways you can use ATP for message protection:

  • In an Office 365 ATP filtering-only scenario, ATP provides cloud-based email protection for your on-premises Exchange Server environment or any other on-premises SMTP email solution.

  • Office 365 ATP can be enabled to protect Exchange Online cloud-hosted mailboxes. To learn more about Exchange Online, see the Exchange Online service description.

  • In a hybrid deployment, ATP can be configured to protect your messaging environment and control mail routing when you have a mix of on-premises and cloud mailboxes with Exchange Online Protection for inbound email filtering.

Office 365 Advanced Threat Protection (ATP) availability

Office 365 ATP Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5. Office 365 ATP Plan 1 is included in Microsoft 365 Business Premium.

You can add ATP to the following Exchange and Microsoft 365 subscription plans:

  • Exchange Online Plan 1

  • Exchange Online Plan 2

  • Exchange Online Kiosk

  • Exchange Online Protection

  • Microsoft 365 Business Basic

  • Microsoft 365 Business Standard

  • Office 365 Enterprise E1

  • Office 365 Enterprise E3

  • Office 365 Enterprise F3

  • Office 365 A1

  • Office 365 A3

To buy Office 365 Advanced Threat Protection, see Office 365 Advanced Threat Protection.

To compare features across plans, see Powerful tools to support your enterprise and Transform your enterprise with Microsoft 365.

What's new in Office 365 Advanced Threat Protection (ATP)

We are continuing to add new features to Office 365 ATP. To learn more about new features coming to ATP (or Microsoft 365 in general), see the following resources:

Requirements for Office 365 Advanced Threat Protection (ATP)

ATP can be used with any SMTP mail transfer agent, such as Microsoft Exchange Server. For information about the operating systems, web browsers, and languages that are supported by ATP, see the "Supported browsers" and "Supported languages" sections in Exchange admin center in Exchange Online Protection.

Feature availability across Advanced Threat Protection (ATP) plans

Each feature is listed below. When Exchange Online is mentioned, it typically refers to the Office 365 Enterprise service family.

| Feature | ATP Plan 1 (formerly ATP standalone) | ATP Plan 2 (formerly Threat Intelligence standalone) | Microsoft 365 E5 / E5 Security |
|---|---|---|---|
| Configuration, protection, and detection | | | |
| Safe Attachments | Yes | Yes | Yes |
| Safe Attachments in Teams | Yes | Yes | Yes |
| Safe Links | Yes | Yes | Yes |
| Safe Documents | No | No | Yes |
| Safe Links in Teams | Yes | Yes | Yes |
| ATP for SharePoint, OneDrive and Microsoft Teams | Yes | Yes | Yes |
| Anti-phishing policies | Yes | Yes | Yes |
| Real-time reports | Yes | Yes | Yes |
| Automation, investigation, remediation, and education | | | |
| Threat Trackers | No | Yes | Yes |
| Threat investigation (advanced threat investigation) | Real-time detections | Explorer | Explorer |
| Automated incident response | No | Yes | Yes |
| Attack Simulator | No | Yes | Yes |

Tip

Want a downloadable list of differences between Office 365 ATP Plan 1 and Plan 2? Get the PDF.

Advanced Threat Protection (ATP) capabilities

Safe Attachments

ATP Safe Attachments protects against unknown malware and viruses, and provides zero-day protection to safeguard your messaging system. All messages and attachments that don't have a known virus/malware signature are routed to a special environment where ATP uses a variety of machine learning and analysis techniques to detect malicious intent. If no suspicious activity is detected, the message is released for delivery to the mailbox.

Note

ATP Safe Attachments scanning takes place in the same region where your Office 365 data resides. For more information about data center geography, see Where is your data located?

The ATP Safe Links feature proactively protects your users from malicious URLs in a message or in an Office document. The protection remains every time they select the link, as malicious links are dynamically blocked while good links can be accessed.

Safe Links is available for URLs in the following apps:

  • Microsoft 365 Apps for enterprise on Windows or Mac

  • Office for the web (Word for the web, Excel for the web, PowerPoint for the web, and OneNote for the web)

  • Word, Excel, PowerPoint, and Visio on Windows, as well as Office apps on iOS and Android devices

  • Microsoft Teams channels and chats

Note

Users must be licensed for ATP*, must be included in ATP Safe Links policies, and must be signed in on their devices for protection to be in place.

* For organization-wide ATP licenses (for example, ATP_ENTERPRISE_FACULTY), you don't need to assign ATP licenses to individual users.

For more information about ATP Safe Links protection, see How ATP Safe Links works with URLs in Office documents.

Safe Documents

The ATP Safe Documents feature uses Microsoft Defender Advanced Threat Protection to scan documents and files that are opened in Protected View.

What do you need to know before you begin?

  • Safe Documents is now generally available to users with Office Version 2004 (12730.x) or greater! This feature is off by default and will need to be enabled by the Security Administrator.

  • This feature is only available to users with the Microsoft 365 E5 or Microsoft 365 E5 Security license (not included in Office 365 ATP plans).

  • Word, Excel, PowerPoint, and Visio on Windows, as well as Office apps on iOS and Android devices

  • Microsoft Teams channels and chats

Note

Users must be licensed for Microsoft 365 E5 or Microsoft 365 E5 Security*, must be included in ATP Safe Documents policies, and must be signed in on their devices for protection to be in place.

For more information about ATP Safe Documents protection, see Safe Documents in Microsoft 365 E5.

ATP for SharePoint, OneDrive, and Microsoft Teams

ATP for SharePoint, OneDrive, and Microsoft Teams helps detect and block files that are identified as malicious in team sites and document libraries. In addition, ATP Safe Links protection is now available in Microsoft Teams channels and chats.

Anti-phishing policies

ATP anti-phishing checks incoming messages for indicators that a message might be a phishing attempt. When users are covered by ATP policies (Safe Attachments, Safe Links, or anti-phishing), incoming messages are evaluated by multiple machine learning models that analyze messages and the appropriate action is taken, based on the configured policies.

Real-time reports

Monitoring capabilities available in the Security & Compliance Center include real-time reports and insights that let your security and compliance administrators focus on high-priority issues, such as security attacks or increased suspicious activity. In addition to highlighting problem areas, smart reports and insights include recommendations and links to view and explore data and also take quick actions.

Explorer

Explorer (also referred to as Threat Explorer) is a real-time report that lets authorized users identify and analyze recent threats. By default, this report shows data for the past 7 days; however, views can be modified to show data for the past 30 days.

Explorer contains views, such as Malware (for email and content), Submissions, Phish, and All Email. To see how Explorer compares with real-time detections, download this PDF.

For more information about Explorer (in Office 365 Advanced Threat Protection Plan 2) and real-time detections (in Office 365 Advanced Threat Protection Plan 1), see Threat Explorer and real-time detections.

Real-time detections

Real-time detections is a real-time report that lets authorized users identify and analyze recent threats. Similar to Explorer, by default, this report shows data for the past 7 days.

Real-time detections contain views, such as Malware (for email and content), Submissions, and Phish. To see how real-time detections compare with Explorer, download this PDF.

For more information about Explorer (in Office 365 Advanced Threat Protection Plan 2) and real-time detections (in Office 365 Advanced Threat Protection Plan 1), see Threat Explorer (and real-time detections).

Threat Trackers

Threat Trackers are informative widgets and views that provide authorized users with intelligence on cybersecurity issues that might impact your organization.

Automated incident response

Automated incident response (AIR) capabilities available in Office 365 ATP Plan 2 enable you to run automated investigation processes in response to well-known threats that exist today. By automating certain investigation tasks, your security operations team can operate more efficiently and effectively. Remediation actions, such as deleting malicious email messages, are taken upon approval by your security operations team. To learn more, see How AIR works in Office 365.

Attack Simulator

Attack Simulator lets authorized users run realistic attack scenarios in your organization. Several different kinds of attacks are available, including a display name spear-phishing attack, a password-spray attack, and a brute-force password attack.