Advanced Threat Protection

With the increase in cyberattacks such as viruses, malware, phishing, and spoofing, cybersecurity and protection have never been more important. So, to help prevent threats from reaching your premises, Microsoft has added a feature to Office 365 called Advanced Threat Protection.  

Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing robust protection against zero-day attacks. For example, ATP includes features to safeguard your organization from harmful links in real-time and has rich reporting and URL trace capabilities that give administrators insight into the kind of attacks happening in your organization. 

Advanced Threat Protection Subscription Plans 

Microsoft Office 365 ATP is available in two different options: ATP Plan 1 and ATP Plan 2. 

With ATP Plan 2 you receive all the capabilities of ATP Plan 1 plus a few extra features such as Threat Trackers or Attack Simulators 

Capabilities of Microsoft’s Office 365 Advanced Threat Protection (ATP) 

Safe Links 

The ATP Safe Links feature proactively protects your users from malicious hyperlinks in a message. In addition, the protection remains every time they click the link. For instance, ATP dynamically blocks malicious links and allows access to good links.

Safe Attachments 

Safe Attachments protects against unknown malware and viruses and provides zero-day protection to safeguard your messaging system. For instance, Safe Attachments uses a variety of machine learning and analysis techniques to detect malicious intent in messages and attachments. As a result, if the messages are not suspicious, they release for delivery to the mailbox. 

Spoof Intelligence 

Spoof Intelligence detects when a sender appears to be sending mail on behalf of one or more user accounts within one of your organization’s domains. It enables you to review all senders who are spoofing your domain, and then choose to allow the sender to continue or block the sender. Spoof Intelligence is available in the Security & Compliance Center on the Anti-spam settings page. 


Quarantine is a holding place for potentially threatening email messages. In other words, ATP sends spam, bulk mail, phishing mail, and messages that contain malware, or match a mail flow rule into Quarantine. 

By default, Office 365 sends phishing messages and messages containing malware directly to Quarantine. Then, authorized users can review, delete, or manage email messages sent to Quarantine. 

Advanced Anti-phishing 

This feature uses machine learning models to detect phishing messages. 

Additional Capabilities Only Available with ATP Plan 2 

Threat Trackers 

Threat Trackers are widgets that provide intelligence on different security issues that might affect your company. 


Explorer provides a report that enables you to investigate and respond to threats efficiently. 

Automated Investigation and Response 

Automate the response to possible attacks. This capability prevents your team from becoming overwhelmed and as a result, allows them time for more serious issues. 

Attack Simulator 

Simulate attacks to help identify and find vulnerable users long before a real attack occurs. 

How to Get Started with ATP 

ATP Plan 1 is included with Microsoft 365 Business Premium. 

ATP Plan 2 is included in: 

  • Office 365 Enterprise E5 
  • Office 365 Education A5 
  • Microsoft 365 E5 

For other Office 365 subscription plans, you can add ATP Plan 1 to your subscription for $2 per month, per user, or ATP Plan 2 for $4 per month, per user. 

If you are still using an on-premises Exchange Server, as long as you are on Exchange 2013 or newer, you can also add Office 365 ATP as a service to provide cloud-based filtering prior to the email hitting your server.  

If you would like more information on adding ATP coverage to your Office 365 subscription then contact a specialist at Advanced Imaging Solutions.