If your organization has Office 365 Advanced Threat Protection (ATP) and you have the necessary permissions, you can use several ATP reports in the Security & Compliance Center. (Go to Reports > Dashboard.)
ATP reports include the Threat protection status report, the ATP File Types report, and the ATP Message Disposition report. This article describes the ATP reports and includes links to additional reports in the Security & Compliance Center.
Threat protection status report
The Threat protection status report is a single view that brings together information about malicious content and malicious email detected and blocked by Exchange Online and Advanced Threat Protection. The report provides an aggregated count of unique email messages with malicious content (files or URLs) blocked by the anti-malware engine, zero-hour auto purge (ZAP), and Advanced Threat Protection features, such as ATP Safe Links, ATP Safe Attachments, and ATP anti-phishing capabilities in Office 365.
To view the Threat protection status report, in the Security & Compliance Center, go to Reports > Dashboard > Threat protection status.
To get detailed status for a day, hover over the graph.
By default, the Threat protection status report shows data for the past seven days. However, you can choose Filters and change the date range to view data for up to 90 days.
You can also use the View data by menu to change what information is displayed in the report.
ATP File Types report
The ATP File Types report shows you the type of files detected as malicious by ATP Safe Attachments.
To view this report, in the Security & Compliance Center, go to Reports > Dashboard > ATP File Types.
When you hover over a particular day, you can see the breakdown of types of malicious files that were detected by ATP Safe Attachments and anti-spam & anti-malware protection in Office 365.
ATP Message Disposition report
The ATP Message Disposition report shows you the actions that were taken for email messages that were detected as having malicious content.
To view this report, in the Security & Compliance Center, go to Reports > Dashboard > ATP Message Disposition.
When you hover over a bar in the chart, you can see what actions were taken for detected email for that day.
Additional reports to view
In addition to the ATP reports described in this article, email security reports are available in the Security & Compliance Center. Email security reports include a Top Senders and Recipients report, a Spoof Mail report, a Spam Detections report, and more.
And, if your organization has Office 365 Threat Intelligence, you can also Use Explorer in the Security & Compliance Center.
What permissions are needed to view these reports?
In order to view and use the email security reports described in this article, you must have an appropriate role assigned in the Security & Compliance Center and in the Exchange Admin Center.
|
Role group |
Where assigned |
Learn more |
|
One of the following:
|
Security & Compliance Center |
|
|
One of the following:
|
Exchange Admin Center |
What if the reports aren't showing data?
If you are not seeing data in your reports, double-check that your policies are set up correctly. Your organization must have ATP Safe Links policies and ATP Safe Attachments policies defined in order for ATP protection to be in place. Also see Anti-spam and anti-malware protection in Office 365.
Related topics
Reports and insights in the Office 365 Security & Compliance Center
Create a schedule for a report in the Security & Compliance Center
Set up and download a custom report in the Security & Compliance Center
