Close this search box.

What is Microsoft Office 365 Advanced Threat Protection?

Office 365 Advanced Threat Protection (also known as ATP and Defender) can provide your organization with advanced security features – keeping you protected from cybersecurity threats. With today’s cybersecurity landscape, where new threats appear daily, if not hourly, it’s critical to know what tools can help you protect your organization.

Let’s take a look at what Microsoft 365 Advanced Threat Protection is and how you can use it to your organization’s advantage. 

What is Microsoft 365 Advanced Threat Protection and How Is It Used?

According to Microsoft, Microsoft 365 Defender, which used to be known as Microsoft 365 Threat Protection, is “a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.”

By utilizing this technology solution, cybersecurity professionals can identify threats more easily in order to figure out the potential impact of said threats. Microsoft 365 Defender can help in that it can automatically take action against attacks, while also healing impacted mailboxes, user identities, endpoints and more.

What are the Top Features of O365 Advanced Threat Protection?

There are many different features of Office 365 ATP that help your organization stay as secure as possible. Let’s take a look at these features and what they do.

1. Safe Attachments

Safe Attachments is a feature of Office 365 Advanced Threat Protection that ensures incoming email attachments are in no way malicious. When this feature is activated, it automatically opens attachments in a separate, virtual environment to test them. This makes sure the real-time environment is not distrubed. If it finds any indications the attachment is malicious, then the attachment will be automatically removed from the email. 

2. Safe Links

Similarly to Office 365 Safe Attachments, Microsoft Defender automatically checks URLs that are present within incoming emails and other Office documents. This is also known as “time-of-click verification”. ATP Safe Links can identify which URLs are safe and which are malicious. If they are safe, then there will be no additional action taken by Microsoft. If malicious, a warning page will be delivered to the user. 

3. Spoof Intelligence

Spoof Intelligence ensures that only legitimate emails end up in your inbox. Spoof filters are set in the Security & Compliance Center in order to differentiate legitimate and malicious activity. It allows you to review those senders spoofing your domain. 

4. Anti-Phishing Policies

The Anti-Phishing Policies are based on impersonation detection algorithms as well as machine learning models. These policies can be set differently, whether it be on a single domain, all domains, or for specific people. Once Office 365 anti-phishing policies are activated in your account, machine learning models look at all incoming emails to decide whether they are malicious.

5. Office 365 ATP for SharePoint, OneDrive, and Microsoft Teams

Collaboration is crucial to organizations. There’s also been an increase in the sharing of ideas via SharePoint, OneDrive, and Microsoft Teams, so the security of that data is vital. It can help you find and block any malicious files. 

6. Threat Trackers

Threat tracking in Microsoft 365 ATP allows you to see the path a threat follows across your organization. It can also provide valuable insights into possible security breaches within your system. 

7. Threat Explorer

Threat explorer shows you a deeper analysis of all threats in real-time that are occurring against members of your organization.  

8. Automated Investigation and Response

The automated threat detection feature helps free up time for your IT personnel so they can focus on dealing with threats that need human judgment.  

How Can You Set Up Office 365 Advanced Threat Protection?

In order to set up O365 ATP, these are the steps you will need to take:

  • Configure DKIM, DMARC, and SPF
  • Set Exchange Online Protection Live
  • Deploy Office Message Encryption
  • Enable O365 ATP (Also known as Defender)
  • Set Up Office 365 MFA with the Authenticator App

What are the Limitations of Office 365?

Higher Demand for the Product Can Lead to Changes of Services

Since Microsoft Office 365 is hosted by a third-party service, they may add, change, update and get rid of services when they see fit. This is typically to benefit the service for all users, however unprecedented circumstances can often lead to decisions being made that can affect your productivity.

Internet Limitations

Depending on internet service providers as well as where you’re located, businesses could be hit with internet connection problems. Since Office 365 is an online service, completing work and accessing emails can become difficult if your internet goes out. There are some Office 365 features that require internet connections at all times, which may impact your services.

Small File Upload Size

Microsoft limits your file size to 2GB on OneDrive and SharePoint. While most businesses don’t use files that large, some organizations share very large files. If your organization frequently works on and shares larger files, you will want to analyze Office 365’s file capacity before making the move to Microsoft’s platform.

Data Privacy is Out of Your Hands

To comply with data protection regulations internationally, and across industries, you must be able to show how seriously you take data privacy. If you need to manage a lot of data, especially confidential data, it’s better to store and control that data within your organization. If you implement Office 365 into your system, you are now placing your trust in Microsoft and how they handle data.

Limited Email Archive

Email archiving is crucial to businesses that are regulated. Unfortunately, there are limitations for email archiving in Office 365. With GDPR regulations, more businesses could be scrutinized for the way they handle data. If your business is currently following these regulations, you must make sure that there are no email compliance restrictions within your O365 plan. 

Retrospectively Identifies Attacks

Office 365 ATP takes a different approach to identifying phishing attacks. Since this type of protection is more retrospective, it can not safeguard against human error in real time. It also has a bit more trouble anticipating potential zero-day phishing attacks and typically does not identify emerging threats that happen outside of the lists they have. Similarly, they only have the ability to scan Microsoft-related documents, therefore leaving a gap when it comes to attachment scanning.


Microsoft 365 security systems are set up so that cyber thieves are able to open an account, test their methods until they can bypass default filters, and then utilize these methods in their attacks – targeting thousands of different accounts.

User Engagement & Complexity

The setup and configuration process for Microsoft ATP requires IT expertise. Unfortunately, many small businesses do not have access to these resources. Since Microsoft does not provide step-by-step assistance with setup and ongoing system monitoring, small businesses may misconfigure these systems, leaving them vulnerable to potential attacks.

Final Thoughts

While Office 365 ATP is a robust platform capable of filtering spam, malware, and well-known phishing URLs, it fails to detect and respond to highly targeted phishing and Business Email Compromise attacks. t, it’s important to be fully aware of how to keep your organization secure. In order to fully protect yourself or your organization, it can be helpful to use an automated remediation tool that identifies, protects, and mitigates your email. Discover how you can do so with Cyren’s Inbox Security for Microsoft 365. Get a demo with the Cyren team today.