An introduction to the anti-phishing saviour: Office 365 ATP


Over the years, there have been many attempts to create foolproof anti-phishing software. Up until now, most have failed, that was until Office 365 ATP.

We’re almost certain that at some time or another, you’ve received a “dodgy” looking email from someone you don’t know (or worse, someone you do!)

We all use email, it’s one of the most powerful methods of communication today, but spam emails are one of the most common ways hackers can get into your system. In fact, according to research conducted by PhishMe, phishing emails are responsible for a whopping 91% of cyber attacks.

Watch the Office 365 Office 365 ATP video demonstration

Sometimes the results of falling fowl of such attacks are more obvious, ransomware – for example. Whereas, other times the danger is that they remain undetected, allowing hackers to move silently through your network, causing all kinds of havoc.

What kinds of havoc, you may wonder. Generally, hackers are looking to steal sensitive data, potentially to damage your reputation, ransom it for cash or to impersonate your business. In a nutshell, here’s what’s on the line:

• Intellectual property
• Login details to your company and personal resources
• Company and personal data
• Access to company and personal communications
• You hard earned cash

I am going to go out on a limb and assume for most readers, that’s your entire business that could be on the line.

On top of this, it’s becoming increasingly common for these types of attacks to be one step ahead of the protections you’ve put in place – often referred to as “zero-day” attacks. But, don’t worry, it’s not all bad news…

Microsoft has come up with Office 365 Advanced Threat Protection (or Office 365 ATP for short). The idea is to be proactive rather than flying into a reactive panic should something nasty manage to sneak into someone’s inbox.

So, why Microsoft Office 365 ATP?

Microsoft invests over $1 billion per year in the detection of cyber security threats. They employ thousands of experts across the globe, scanning 400 billion emails, 1.2 billion devices, 450 billion authentications every single month. Their security databases collect and analyse an estimated 6.5 trillion signals per day from users, endpoints, user data, cloud apps and infrastructure. Understandably then, Microsoft has a pretty good idea of the cyber security issues out there and how to deal with them.

Office 365 ATP is their solution, and these are the four core features…

Safe Attachments

In an ideal world, malicious email attachments would be spotted as suspicious by the recipient and deleted or reported to IT. Unfortunately, this isn’t always the case, and it is pretty easy to understand why; when you’re busily flying through your emails, filing, responding and deleting, it’s easy to accidentally click something you shouldn’t have – even if you’ve followed our guide to identifying phishing emails. Sometimes, this is all it can take, and before you know it, the business is on its knees. This is where Safe Attachments comes in.

When you click on that nasty attachment, Office 365 ATP will open it first in an isolated environment known as a Sandbox. In this “box”, Microsoft will meticulously scan the content for malicious code. If it’s found to be trouble free, it will simply open as normal, but, if a threat is detected, something like the following will appear:

Each Month, Microsoft scans and detonates over 1 billion items, and the information that’s collected is fed back to their security systems to improve the capability of Office 365 ATP.

Safe Links

Even nastier than problematic attachments are malicious links. It’s why it’s always worth remembering the golden rule of never clicking a link in an email from a sender you don’t trust. However, we all know it’s not that simple, and sometimes, mistakes happen. Additionally, sophisticated hackers will deliver malicious links hidden behind seemingly benign links that can pass through traditional spam filters.

Safe Links checks the link right at the point of click, and triggers detonation if necessary. If the link is picked up by the Microsoft security databases, you’ll be presented with a page that looks like this:

Another impressive feature is that Safe Links will carry out the same link scanning on emails sent within the company – they don’t even have to come from an external source to get the same level of scanning.

Users are also made aware of the site they’re going to be directed to, if they click the link, using something called Native Link Rendering. Beyond that, the service continues to scan email content for days afterwards, acting on any newly identified threats which may have been missed the first time.

Plus, users can self-report any message that they consider suspicious, to the IT team and Microsoft for further analysis. And, all of this protection also extends to documents uploaded to SharePoint or Microsoft Teams. Pretty impressive – right!?

Anti-phishing policies

Office 365 ATP Anti-Phishing Policies help to prevent one of the most prevalent forms of attack today. Phishing emails are at their most dangerous when they appear to come from someone who you know or trust, and Office 365 ATP detects these types of impersonation attacks, allowing your IT team to take appropriate action on messages.

Office 365 ATP uses machine learning around each mailbox to form a contact graph of whom each member of staff is normally in contact with, providing a strong signal to determine what behaviour is good, and what looks a bit suspicious.

To determine if what’s inside the message is good or bad, Microsoft utilises a number of standard anti-virus and anti-malware tools that work alongside the Safe Links and Safe Attachments features.

Real-time Reports

All of this activity in your organisation is collected and pooled in Office 365 Real-time Reports, where you can review everything in one place.

Here, you can see historical threat protection status, which brings together information found and blocked by ATP in one place.

You can get detailed reports from a particular day.

And also review what actions were taken for messages that were detected as having malicious content.

You can drill down into the reporting information to look at the top malware types, the top targeted users, and look at threats based on sender, recipient and subject.

Filtering on sender allows you to see all of the emails sent from a specific sener used in a phishing campaign, you can then purge all of those emails at once, from across the whole organisation. Naturally, a lot of this work would be done by your in-house IT staff or IT team.

On top of all of this, Office 365 ATP has built-in Phishing Simulations, allowing you to get a really clear picture of how susceptible your staff are to phishing attacks, putting training in place where necessary.

In conclusion…

Office 365 ATP provides incredibly sophisticated protection for Office 365 email, Microsoft Teams and SharePoint. It looks at everything from the source, to the sender and the contents, recommending which post-delivery protections need to be put in place. At any time, you or your IT team can establish what’s going on across the organisation and respond, in real time, to any threats. Whilst traditional spam filters have been crossing their fingers and hoping you don’t click on that nasty link that sneaks through, Office 365 ATP has come up with a solution if you do.


let's start the ball rolling

Fill in the form or use the contact details below and we’ll get our expert team to put together a package that’s personal to your business.
0114 299 4050