ADVANCED THREAT PROTECTION
Advanced Threat Protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. ATP solutions are available as software or as managed services, and they differ in approach and components. Each ATP solution has three primary goals:
Early detection: Detection of potential threats before they breach systems.
Adequate protection: Ability to defend against detected threats swiftly.
Response: The ability to mitigate threats and respond to security incidents.
The primary benefit offered by ATP is its ability to prevent, detect and respond to new cyberattacks that are designed to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS.
ATP In Office 365
Office 365 ATP safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. ATP includes:
Threat protection policies
Threat investigation and response capabilities
Automated response and investigation capabilities
Threat Protection Policies in Office 365 ATP
Threat protection policies let you set the appropriate level of protection for your organization. Office 365 ATP provides numerous tools for this. They are:
ATP safe attachments
ATP safe links
ATP for SharePoint, OneDrive and Microsoft Teams
ATP anti-phishing protection
In this article, we focus only on ATP safe attachments.
ATP Safe Attachments
ATP safe attachments checks whether email attachments or files are malicious and then protects your organization according to the ATP safe attachments policy configured by the Office 365 administrator. To set up your own ATP safe attachments policy, follow these steps:
Visit https://protection.office.com and sign in with your work or school account.
In the Office 365 Security & Compliance Center, in the left navigation pane, under Threat Management, choose Policy > Safe Attachments.
After that, click on the '+' sign.
Specify the name, description and settings for the policy.
For example, to set up a policy called 'No Delays' that delivers everyone's messages immediately and then reattaches attachments after they're scanned, you might specify the following settings:
In the Name box, type No Delays.
In the Description box, type a description such as: Delivers messages immediately and reattaches attachments after scanning.
In the Response section, choose the Dynamic Delivery option.
In the Redirect attachment section, select the option to enable redirect and type the email address of your Office 365 global administrator, security administrator, or security analyst who will investigate malicious attachments.
In the Applied To section, choose recipient domain is, and then select your domain. Choose Add, and then choose OK.
Click on Save.
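The same 'No Delays' policy can also be created from Exchange Online PowerShell, which makes the configuration repeatable and reviewable. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, and contoso.com and secops@contoso.com are placeholder values.

```powershell
# Added example: scripted equivalent of the portal steps above.
# Assumptions: ExchangeOnlineManagement module is installed; the domain and
# mailbox below are placeholders and must be replaced with your own values.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in with an administrator account

$policyName = 'No Delays'
$domain     = 'contoso.com'          # placeholder recipient domain
$redirectTo = 'secops@contoso.com'   # placeholder analyst mailbox

# Create the policy only if it is missing, so the script can be re-run safely.
$policy = Get-SafeAttachmentPolicy | Where-Object { $_.Name -eq $policyName }
if (-not $policy) {
    New-SafeAttachmentPolicy -Name $policyName `
        -AdminDisplayName 'Delivers messages immediately and reattaches attachments after scanning.' `
        -Enable $true `
        -Action DynamicDelivery `
        -Redirect $true `
        -RedirectAddress $redirectTo | Out-Null
}

# The rule is what scopes the policy to recipients ("Applied To" in the portal).
# Without a rule, the policy exists but is not applied to anyone.
$rule = Get-SafeAttachmentRule | Where-Object { $_.Name -eq $policyName }
if (-not $rule) {
    New-SafeAttachmentRule -Name $policyName `
        -SafeAttachmentPolicy $policyName `
        -RecipientDomainIs $domain | Out-Null
}

# Read the settings back to confirm what is actually in effect.
Get-SafeAttachmentPolicy -Identity $policyName |
    Format-List Name, Enable, Action, Redirect, RedirectAddress
Get-SafeAttachmentRule -Identity $policyName |
    Format-List Name, State, Priority, SafeAttachmentPolicy, RecipientDomainIs

Disconnect-ExchangeOnline -Confirm:$false
```

The final two commands are the check worth keeping: Action should read DynamicDelivery and the rule's State should read Enabled, otherwise attachments are not being handled as the policy name suggests.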
ATP Safe Attachment Policy Options
The ATP Safe attachment policy options can be summarized as:
Off: This option does not scan attachments for malware, and it does not delay message delivery.
Monitor: Delivers messages with attachments and then tracks what happens with detected malware.
Block: Prevents messages with detected malware from proceeding.
Replace: Removes detected malware attachments and notifies recipients about it.
Dynamic Delivery: Delivers messages immediately, replaces attachments with a placeholder file until scanning is complete, and then reattaches the attachments if no malware is detected.
Enable Redirect: Sends attachments to a specified email address where security administrators or analysts can investigate.