Office 365 Advanced Threat Protection
Office 365 Advanced Threat Protection (ATP) provides protection by scanning email and URLs, identifying malicious files, and detecting when someone tries to impersonate one of your users to access your organization's data.
Office 365 ATP
Define threat-protection policies to set the appropriate level of protection for your organization.
View real-time reports to monitor ATP performance in your organization.
Use leading-edge tools to investigate, understand, simulate, and prevent threats.
Save time and effort investigating and mitigating threats.
ATP Policies
Office 365 ATP provides numerous tools to set an appropriate level of protection for your organization. The policies that are defined for your organization determine the behavior and protection level for predefined threats. Policy options are extremely flexible.
Provides zero-day protection to safeguard your messaging system, by checking email attachments for malicious content. It routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent. If no suspicious activity is found, the message is forwarded to the mailbox.
Provides time-of-click verification of URLs in emails messages and Office files. Protection is ongoing and applies across your messaging and Office environment. Links are scanned for each click: safe links remain accessible and malicious links are dynamically blocked.
Protects your organization when users collaborate and share files, by identifying and blocking malicious files in team sites and document libraries.
Detects attempts to impersonate your users and custom domains. It applies machine learning models and advanced impersonation-detection algorithms to avert phishing attacks.
ATP Reports
Office 365 ATP includes an advanced reporting dashboard to monitor your ATP performance. Reports update in real-time, providing you with the latest insights. These reports also provide recommendations and alert you to imminent threats. Predefined reports include Threat Explorer, the Threat Protection Status report, the ATP File Types report, the ATP Message Disposition report and more.
Threat investigation and response capabilities
Office 365 ATP Plan 2 includes best-of-class threat investigation and response tools that enable your organization's security team to anticipate, understand, and prevent malicious attacks.
Provide the latest intelligence on prevailing cybersecurity issues. You can view information about the latest malware, and take countermeasures before it becomes an actual threat to your organization. Available trackers include Noteworthy trackers, Trending trackers, Tracked queries, and Saved queries.
Also referred to as Threat Explorer, is a real-time report that allows you to identify and analyze recent threats. You can configure Explorer to show data for custom periods.
Allows you to run realistic attack scenarios in your organization to identify vulnerabilities. Simulations of current types of attacks are available, including a display name spear-phishing attack, a password-spray attack, a brute-force password attack, and more.
When you are investigating a potential cyber attack, time is of the essence. The sooner you can identify and mitigate threats, the better off your organization will be. Office 365 ATP Plan 2 will now include automated investigation and response (AIR) capabilities. AIR includes a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually, such as from a view in Threat Explorer. AIR can save your security operations team time and effort in mitigating threats, effectively and efficiently.