Office 365Advanced Threat Protection includes safe links, safe attachments, spoof intelligence, and advanced anti-phishing capabilities. Advanced Threat Protection helps protect your organization from malicious attacks by scanning attachments and hyperlinks in email messages, and detecting unauthorized spoof mail.
Protection is driven by the policies for safe links and safe attachments that global administrators or security administrators define. Reports are available to show how Advanced Threat Protection is working for your organization. In addition, you can submit a suspicious file to Microsoft for analysis.
Beginning in late November 2017 and over the next several weeks, ATP protection is being extended to files in SharePoint Online, OneDrive for Business, and Microsoft Teams. To learn more, see Office 365 Advanced Threat Protection for SharePoint, OneDrive, and Microsoft Teams.
What do you want to do?
Get Office 365 Advanced Threat Protection
As a global or security administrator, go to https://portal.office.com and sign in with your work or school account for Office 365.
Choose Admin > Billing to see what your current subscription includes.
If you see Office 365 Enterprise E5, then your organization has Advanced Threat Protection.
If you see a different subscription, such as Office 365 Enterprise E3 or Office 365 Enterprise E1, then you can add Advanced Threat Protection. To do that, choose + Add subscription.
Define policies for ATP safe links and safe attachments
In order for ATP protection to be in place, policies must be defined. Use the following resources to define your ATP safe links and safe attachments policies.
Turn on ATP for SharePoint Online, OneDrive for Business, and Microsoft Teams (when this feature becomes available for your organization)
See how ATP is working
After Advanced Threat Protection policies are set up, reports are available to show how the service is working.
If you are a global administrator, security administrator, or security analyst, you can view reports for Advanced Threat Protection and Exchange Online Protection in the Office 365 Security & Compliance Center. For example, a Threat protection status report is available to show what files were detected and the actions that were taken.
Submit a suspicious file to Microsoft for analysis
If you get a file that you suspect could be malware, you can submit that file to Microsoft for analysis. Visit the Windows Defender Security Intelligence submission portal.