Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
Microsoft offers an optional advanced threat protection service for email which is integrated directly into Office 365. It offers protection against advanced threats, malicious links and unsafe attachments. It also offers critical insights into who is being targeted within your business with reporting and URL tracing.
Expert Insights has written a comprehensive review of the Microsoft Advanced Threat Protection platform to help you make an informed buying decsision. You can find more information about Microsoft Advanced Threat Protection, as well as reviews from real customers of the servce here: //www.expertinsights.com/reviews/microsoft-advanced-threat-protection
Expert Insights Microsoft Advanced Threat Protection Breakdown
Benefits of Microsoft Advanced Threat Protection
- Effective URL scanning and attachment sandboxing
- Cheap service [ $2.00 / €2.00 / £1.50 per user / month]
- Easy to use, install and configure, plugging in directly to O365
- Adequate spam blocking protection Microsoft ATP block page — unfortunately its easy for this page to be spoofed
What you should know about Microsoft Advanced Threat Protection
- Customers report that the service is lacking when it comes to phishing protection
- Service will not identify new and evolving threats without a signature
- Service doesn’t sandbox all attachments
- There is no URL scanning in real time
- Lack of robust spoofing protection
- System does not use AI and so there will be less adaptability to your organisations specific requirements or to new emails threats
- In October 2017, researchers announced that Microsoft had missed 34,000 phishing emails Feature availability across Advanced Threat Protection [ATP] plans
Expert Insights Verdict
Microsoft Advanced Threat Protection offers businesses an extra layer of protection against malicious threats and phishing attacks. It’s low cost, easy to deploy and easy to manage as it’s fully integrated with Office 365. The machine learning and impersonation detection systems offer businesses a basic level of protection against phishing attacks. However. In October 2017, researchers announced that Microsoft had missed 34,000 phishing emails, demonstrating that it is not the most effective phishing protection platform.
For this reason, Microsoft ATP should not be used alone to protect businesses from phishing or targeted social engineering attacks. If you are planning to use this solution as an extra layer of security, we also recommend using a dedicated third party security solution in our Post — Delivery Protection category. These solutions will be more effective to stop phishing attempts and business email compromise.
Microsoft Office 365 Advanced Threat Protection [ATP] is Microsoft's optional cloud-based service that scans and filters email to protect subscribers from malware in attachments and hyperlinks to malicious websites.
With ATP, Microsoft attempts to reduce the impact of zero-day threats that often arrive via malicious attachments and URLs. ATP assesses the content of email before recipients open attachments or click on URLs. ATP scans attachments and hyperlinks through separate, independent policies that administrators apply to specific users, groups or domains. ATP is a cloud service from Microsoft that does not require additional hardware or software tools to run.
Safe attachments reviews files
The "safe attachments" feature in ATP analyzes all attachments. First, ATP isolates the attachment in a sandbox VM a feature Microsoft calls a "detonation chamber" to prevent the delivery of malicious payloads. ATP then checks for tell-tale signatures of malicious content and uses machine learning techniques to assess unknown content for suspicious behavior. Recipients cannot open the attachment until the scan completes.
Safe links scans URLs
ATP's "safe links" feature scans the content of the web page from hyperlinks in email and Office documents to reduce incidents of phishing and other website-based attacks. If ATP determines a hyperlink leads to an unsafe site, it sends the user to a warning page.
Microsoft Office 365 Advanced Threat Protection assists with training
ATP generates detailed reports to alert IT administrators if particular users receive an unusual amount of malicious email, the type of malicious content, and which users opened or clicked on potentially malicious content. This information helps IT train users to be more vigilant to avoid attacks.
Inspection may delay attachment delivery
According to Microsoft, the time it takes the safe attachments process to complete depends on the attachment and its content. Rather than delay a message, Microsoft uses a "dynamic delivery" feature to let recipients to read and to respond to an email, and uses a placeholder to indicate the attachment is undergoing the scanning process. If ATP determines the file is not a danger, the attachment returns to the email. If ATP finds a malicious file, it removes the attachment.
Microsoft's unified Advanced Threat Protection in Office 365 and Windows.
The safe links process adds no noticeable delay to a non-malicious link, but links ATP deems malicious will result in a warning to the user.
Microsoft includes ATP with its top-tier Office 365 Enterprise E5 subscription, but organizations can add the service to other Exchange and Office 365 subscriptions for $2 per user, per month. Compatible plans that support ATP include Exchange Online Plan 1, Exchange Online Plan 2, Exchange Online Kiosk, Exchange Online Protection, Office 365 Business Essentials, Office 365 Business Premium, Office 365 Enterprise E1, Office 365 Enterprise E3, Office 365 Enterprise E4, Office 365 Enterprise K1, Office 365 Enterprise K2 and Office 365 Education.
Comparison to Exchange Online Protection
Microsoft calls ATP a complementary addition to its Exchange Online Protection [EOP] service. They share similar features but ATP provides added protection from spoofing and phishing techniques. Organizations can add EOP to online email services for $1 per user per month.
Does Office 365 include advanced threat protection?
Microsoft Office 365 Advanced Threat Protection pricing Microsoft includes ATP with its top-tier Office 365 Enterprise E5 subscription, but organizations can add the service to other Exchange and Office 365 subscriptions for $2 per user, per month.
What is the new name for Office 365 Advanced Threat protection?
Product Name Changes.
Is Defender for Office 365 worth it?
Overall, I would highly recommend Microsoft Defender for Office 365 to any organization that is looking for a comprehensive solution to protect its Office 365 environment. Pros: The features that I like most about Microsoft Defender for Office 365 are its email protection, web protection, and data protection features.
How to bypass Office 365 Advanced Threat protection?
How to Add ATP Link Bypassing Rules [Mail Flow Rule].
Login to your Exchange/Office Admin center and make a new mail flow rule..
Give the rule an intuitive name, like “ATP Link Bypass”.
Click on More options….
Click the Apply this rule if… ... .
Select The senders..
Select IP address is in any of these ranges or exactly matches..