ThirdSpace
14 February 2017

How does Advanced Threat Protection secure email in Office 365?

David Guest

Email is a prime target for cyber attackers looking to gain access to your organisation.

It’s no surprise. Email is so critical to day-to-day business.

With increasingly sophisticated malware campaigns being launched daily and data breaches constantly on the rise, how can you be sure your email environment isn’t exposed? With Advanced Threat Protection for Office 365, Microsoft answers your call.


What is Advanced Threat Protection?

Microsoft has proven its commitment to cyber security over the past few years, and recently announced that it would continue to invest over $1bn in the area in 2017. In addition to bolstering Windows 10 and its Azure cloud platform, the software giant has also introduced a host of measures to improve the security features of Office 365 in recent times. One of the most successful of these features is Advanced Threat Protection.

Originally released as ‘Exchange Advanced Threat Protection’ in 2015 and since renamed, Office 365 Advanced Threat Protection is a technology package which hardens your email environment against malware and malicious web links. It complements the security features of Exchange Online Protection and Advanced Threat Analytics, dealing with threats that your antivirus software won’t yet have registered, and ensuring zero-day protection around sensitive data shared by email.

Identifying malware and unsafe attachments

Most businesses will use their mailboxes as a way to allow employees, and sometimes external parties, to share files with each other as attachments. It’s crucial to the effective and efficient running of an organisation that employees can access and use email services freely and easily; but, with malware being as common and sophisticated as it is these days, mailboxes also exist as potential surfaces for a malicious cyber attack.

Advanced Threat Protection helps resolve this problem by means of a feature called Safe Attachments, which opens any document attached to an email in a cordoned-off virtual environment, in which it then analyses the file for suspicious properties. If deemed unsafe or malicious, attached files are moved out of your inbox and into a ‘detonation chamber’.

Essentially this means it takes the suspicious attachment and places it in a virtual environment that’s extremely sensitive to any change detected within it. Here, it executes the attachment safely and without risk, and monitors exactly what it does once executed.

You might be wondering – how does ATP know if an attachment is malicious? Well, there are certain common behaviours that pieces of malware will likely exhibit in pursuit of access to your organisation. This might be establishing a command-and-control communication channel through which to harvest and store desired information, or creating persistence on a user’s machine; there is a range of expected suspicious activities, and ATP is wise to them all.

If anything about a file sent to your mailbox is detected as malicious, the attachment isn’t presented to the user. You’re left with a clean inbox, and options for further responsive action.

Scanning and detonating malicious URLs

In addition to attached files, ATP also monitors links or URLs that are included in or attached to an email, using a component called Safe Links. Expanding on the content-scanning capabilities of Online Protection, Safe Links protects your email environment with immediate effect when links are clicked on by users.

While the content to which the monitored link directs is being scanned, the URL under scrutiny is rewritten so that it goes through Office 365. The URLs are examined in real time, at the exact time a user clicks them, meaning no time or productivity has to be lost in order to ensure protection. If a link is deemed to be unsafe within ATP, the user receives a warning not to visit the site, or a notification that the site has been blocked.
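
When you triage a reported message or a proxy log, the rewriting described above has to be reversed to see where a link really goes. The following is an added example, not code from the original post or from Microsoft; it assumes the wrapper host ends in `safelinks.protection.outlook.com` and carries the destination in a `url` query parameter, and every sample URL in it is constructed.

```python
from urllib.parse import urlsplit, parse_qs, quote

# Assumption: host suffix used by Office 365 Safe Links when it rewrites a URL.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
MAX_DEPTH = 5  # forwarded mail can be wrapped more than once; bound the loop


def is_safelinks_host(host):
    """True only for real wrapper hosts, not lookalikes that merely contain the name."""
    host = (host or "").lower().rstrip(".")
    return host.endswith(SAFELINKS_SUFFIX)


def unwrap_safelink(url):
    """Return (destination_url, layers_removed) for a possibly rewritten link."""
    layers = 0
    while layers < MAX_DEPTH:
        parts = urlsplit(url)
        if parts.scheme != "https" or not is_safelinks_host(parts.hostname):
            break
        target = parse_qs(parts.query).get("url")
        if not target:
            break
        url = target[0]  # parse_qs has already percent-decoded the value
        layers += 1
    return url, layers


# Constructed sample inputs (not taken from real mail).
WRAPPED = ("https://emea01.safelinks.protection.outlook.com/"
           "?url=https%3A%2F%2Fwww.example.com%2Finvoice%3Fid%3D42"
           "&data=CONSTRUCTED&sdata=CONSTRUCTED&reserved=0")
# The same link after a second rewrite, as can happen when mail is forwarded.
DOUBLE = ("https://nam02.safelinks.protection.outlook.com/?url="
          + quote(WRAPPED, safe="") + "&reserved=0")
# A lookalike host that only embeds the wrapper name; it must not be trusted.
LOOKALIKE = ("https://safelinks.protection.outlook.com.example.net/"
             "?url=https%3A%2F%2Fwww.example.com%2F")

if __name__ == "__main__":
    for sample in (WRAPPED, DOUBLE, LOOKALIKE):
        destination, layers = unwrap_safelink(sample)
        print(f"{layers} layer(s) removed -> {destination}")
```

A link that looks wrapped but comes back with zero layers removed, like the lookalike sample, was not rewritten by the service and deserves a closer look.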

This feature also offers extensive reporting capability, meaning you can easily and comprehensively understand what’s happening in your organisation and who’s been receiving malware. You’re given full visibility. It’s an incredibly powerful feature, and one we can expect to continue evolving and adapting on an almost weekly basis.

Rich reporting and critical insights

So what happens with the security findings Advanced Threat Protection makes when it’s performing all these checks and scans? In order to give admins visibility into each potentially dangerous click within the company, the details that ATP uncovers are aggregated into rich reports.

This means you’ll have critical insights into who within your organisation is being maliciously targeted, as well as the category of the attacks you’re up against. Messages that get blocked and individual malicious links contained within them are all traceable once detonated for safety, meaning that – as well as protecting your email environment for you in the immediate instance – ATP also arms you with the information needed to carry out your own responses thereafter.



Today’s malware-laden climate might very well present you with a daunting prospect: whether you shut your mailbox down or open it up to a breach, you risk a disastrous stop to productivity and, potentially, further damaging losses beyond that. The easiest way to ensure this doesn’t happen to your organisation? Office 365 Advanced Threat Protection.

Harness the power to properly safeguard your mailbox, or risk falling victim to malicious activity beyond your control.

Next, watch our Advanced Threat Protection webinar on-demand to discover how the three ATP technologies work together to keep your organisation safe.

Or download ‘The business case for cyber security’ e-Guide for best practice on how to take a proactive and pre-emptive approach to tackling the issue.

David Guest
Solution Architect and Technology Evangelist