Office 365 Advanced Threat Protection

Office 365Advanced Threat Protection includes safe links, safe attachments, spoof intelligence, and advanced anti-phishing capabilities. Advanced Threat Protection helps protect your organization from malicious attacks by scanning attachments and hyperlinks in email messages, and detecting unauthorized spoof mail.

Protection is driven by the policies for safe links and safe attachments that global administrators or security administrators define. Reports are available to show how Advanced Threat Protection is working for your organization. In addition, you can submit a suspicious file to Microsoft for analysis.

Beginning in late November 2017 and over the next several weeks, ATP protection is being extended to files in SharePoint Online, OneDrive for Business, and Microsoft Teams. To learn more, see Office 365 Advanced Threat Protection for SharePoint, OneDrive, and Microsoft Teams.

What do you want to do?

Get Office 365 Advanced Threat Protection

  1. As a global or security administrator, go to https://portal.office.com and sign in with your work or school account for Office 365.

  2. Choose Admin > Billing to see what your current subscription includes.

    As a global admin, sign in at portal.office.com and go to Admin > Billing

  3. If you see Office 365 Enterprise E5, then your organization has Advanced Threat Protection.

    If you see a different subscription, such as Office 365 Enterprise E3 or Office 365 Enterprise E1, then you can add Advanced Threat Protection. To do that, choose + Add subscription.

Once you have Advanced Threat Protection, your next step is to define policies for safe links and safe attachments.

Define policies for ATP safe links and safe attachments

In order for ATP protection to be in place, policies must be defined. Use the following resources to define your ATP safe links and safe attachments policies.

See how ATP is working

After Advanced Threat Protection policies are set up, reports are available to show how the service is working.

The Security & Compliance Center dashboard can help you see where Advanced Threat Protection is working

If you are a global administrator, security administrator, or security analyst, you can view reports for Advanced Threat Protection and Exchange Online Protection in the Office 365 Security & Compliance Center. For example, a Threat protection status report is available to show what files were detected and the actions that were taken.

Submit a suspicious file to Microsoft for analysis

If you get a file that you suspect could be malware, you can submit that file to Microsoft for analysis. Visit the Windows Defender Security Intelligence submission portal.

Related topics

Overview of the Office 365 Security & Compliance Center
View the reports for Advanced Threat Protection
Threat management in the Office 365 Security & Compliance Center

Connect with an expert
Contact us
Expand your skills
Explore training

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×