Office 365 Advanced Threat Protection

Office 365 Advanced Threat Protection (ATP) helps to protect your organization from malicious attacks by:

Protection through Office 365 ATP is determined by policies that your organization's security team defines for Safe Links, Safe Attachments, and Anti-Phishing. Reports are available to show how ATP is working for your organization. And, you can submit suspicious files to Microsoft for analysis.

Office 365 ATP is included in subscriptions, such as Office 365 Enterprise E5 and Office 365 Education A5, and, as of April 30, 2018, also Microsoft 365 Business. If your organization has an Office 365 subscription that does not include Office 365 ATP, you can potentially purchase ATP as an add-on. For more information, see Office 365 Advanced Threat Protection Service Description.

What do you want to do?

Get Office 365 ATP

  1. As a global or security administrator, go to https://portal.office.com and sign in with your work or school account for Office 365.

  2. Choose Admin > Billing to see what your current subscription includes.

    As a global admin, sign in at portal.office.com and go to Admin > Billing

  3. If you see Office 365 Enterprise E5, Office 365 Education A5, or Microsoft 365 Business, then your organization has ATP.

    If you see a different subscription, such as Office 365 Enterprise E3 or Office 365 Enterprise E1, consider adding ATP. To do that, choose + Add subscription.

Once you have ATP, the next step is for your security team to define policies for Safe Links, Safe Attachments, and Anti-phishing protection.

Define policies for ATP

See how ATP is working by viewing reports

After your ATP policies are in place, reports are available to show how the service is working.

The Security & Compliance Center dashboard can help you see where Advanced Threat Protection is working
  1. Make sure that you are an Office 365 global administrator, security administrator, or security reader. (See Permissions in the Office 365 Security & Compliance Center.)

  2. View reports for Advanced Threat Protection and Exchange Online Protection, including the Threat protection status report.

  3. If needed, make adjustments to your security policies. See the following resources:

Submit a suspicious file to Microsoft for analysis

If you get a file that you suspect could be malware, you can submit that file to Microsoft for analysis. Visit the Windows Defender Security Intelligence submission portal.

Related topics

Overview of the Office 365 Security & Compliance Center
View the reports for Advanced Threat Protection
Threat management in the Office 365 Security & Compliance Center

Expand your Office skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×