Text Box



Advanced Threat Protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. ATP solutions can be available as software or as managed services. ATP solutions can differ in approaches and components. There are three primary goals for each ATP solution: - 

  1. Early detection: Detection of potential threats before they are able to breach systems. 

  1. Adequate protection: Ability to defend against detected threats swiftly. 

  1. Response: The ability to mitigate threats and respond to security incidents.   

 The primary benefit offered by ATP is its ability to prevent, detect and respond to new cyberattacks that are designed to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS. 

ATP In Office 365 

Office 365 ATP safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. ATP includes: 

  1. Threat protection policies 

  1. Reports 

  1. Threat investigation and response capabilities 

  1. Automated response and investigation capabilities 

Threat Protection Policies Of Office 365 ATP 

Threat protection policies allow us to set the appropriate level of threat for our organization. Office 365 ATP provides numerous tools to set an appropriate level of protection for your organization. They are: - 

  1. ATP safe attachments 

  1. ATP safe links 

  1. ATP for SharePoint, OneDrive and Microsoft Teams 

  1. ATP anti-phishing protection 

In this article, we are only going to focus on ATP safe attachments 

ATP Safe Attachments 

ATP safe attachments check to see if E-mail attachments or files are malicious and then protects your organization as per the ATP Safe attachment policy configured by the Office 365 administrator. To setup your own ATP safe attachments, follow these steps: -  






  1. Visit https://protection.office.com  and Sign in with your work or school account. 

  1. In the office 365 Security and Compliance Centre, in the left navigation pane, under Threat Management, choose Policy->Safe Attachments. 


  1. After that, click on the +' sign. 








  1. Specify the name, description and settings for the policy. 


For example, to set up a policy called ‘no delays’ that delivers everyone's messages immediately and then reattaches attachments after they're scanned, you might specify the following settings: 

  • In the Name box, type No Delays. 

  • In the description box, type a description like, Delivers messages immediately and reattaches attachments after scanning. 

  • In the response section, choose the dynamic delivery option. 

  • In the Redirect attachment section, select the option to enable redirect and type the email address of your Office 365 global administrator, security administrator, or security analyst who will investigate malicious attachments. 

  • In the Applied To section, choose The recipient domain is, and then select your domain. Choose Add, and then choose OK. 



  1. Click on Save. 


ATP Safe Attachment Policy Options 

The ATP Safe attachment policy options can be summarized as: 

  • Off: This option does not scan attachments for malware, and it does not delay message delivery. 

  • Monitor: Delivers messages with attachments and then tracks what happens with detected malware. 

  • Block: Prevents messages with detected malware from proceeding. 

  • Replace: Removes detected malware attachments and notifies recipients about it. 

  • Dynamic Delivery: Delivers messages immediately  
    Replaces attachments with a placeholder file until scanning is complete, and then reattaches the attachments if no malware is detected 

  • Enable Redirect: Sends attachments to a specified email address where security administrators or analysts can investigate 












https://www.thewindowsclub.com/atp-safe-       attachments-policies-in-office-365 







Page Break 

ShapeText BoxText BoxText BoxText BoxText Box