Microsoft Office 365 Advanced Threat
Protection (ATP) is a cloud‐based email
filtering service that helps protect your
organization against unknown malware and
viruses by providing robust zero‐day
protection. ATP includes features to
safeguard your organization from harmful
links in real time.
ATP has rich reporting and URL trace
capabilities that give administrators insight
into the types of attacks taking place in your
Primary uses of ATP for messaging protection:
In an Office 365 ATP filtering‐only
scenario, ATP provides
cloud‐based email protection for
your on‐premises Exchange Server
2013 environment, legacy
Exchange Server versions, or any
other on‐premises SMTP email
Office 365 ATP also works with
0365 email solutions, it can be
enabled to protect Exchange
Online cloud‐hosted mailboxes.
To learn more about Exchange
Online, see the Exchange Online
In a hybrid deployment, ATP can
be configured to protect your
messaging environment and control
mail routing when you have a mix
of on‐premises and cloud
mailboxes with Exchange Online
Protection for inbound email
Safe Links ‐ proactively protects your users from malicious hyperlinks in a message. The protection remains intact every time a user clicks the link, as malicious links are dynamically blocked while good links can be accessed.
Safe Attachments ‐ protects against unknown malware and viruses, and provides zero-day protection to safeguard your messaging system. All messages and attachments that don’t have a known virus/malware signature are routed to a special environment where ATP uses a variety of machine learning and analysis techniques to detect malicious intent.If no suspicious activity is detected, the message is released for delivery to the mailbox.
Spoof intelligence ‐ detects when a sender appears to be sending mail on behalf of one or more user accounts within one of your organization’s domains. It enables you to review all senders who are spoofing your domain, and then decides whether to allow or to block the sender from sending the mail. Spoof intelligence is available in the Security & Compliance Center on the Anti‐spam settings page.
Quarantine ‐ messages identified by the Office 365 service as spam, bulk mail, phishing mail, containing malware, or because they matched a mail flow rule can be sent to quarantine. By default, Office 365 sends phishing messages and messages containing malware directly to quarantine. Authorized users can review, delete, or manage email messages sent to quarantine.Advanced anti‐phishing capabilities ‐ uses machine learning models to detect phishing messages.
Impersonation attacks – ATP protects in real time as well as protecting against impersonation attacks.