ATP in Office 365 E5

What’s it All About?

These endless acronyms! Every company uses them, and the Microsoft universe is jam-packed with them as well. For instance, we may encounter product acronyms like SPE and EMS, or abbreviated features like the one in today’s topic: ATP, or Advanced Threat Protection. It is a security feature in the Office 365 E5 Plan. Anton Neidel explains what functions ATP in Office 365 E5 provides and how it works.

My previous article on the Office 365 E5 Plan touched on this particular feature. The term E5 will probably make you think immediately of communication. But besides this feature, there are other areas that receive a lot of attention – analysis and security.

Hard Facts About Security Vulnerabilities

Let’s start things off with a short story.

Security vulnerability scenario, source: Anton Neidel

The world is changing, and IT is no different. So it’s only logical that security requirements are evolving as well. A study by the Gartner Group reveals that $20 billion was spent on security software in 2012. This number is predicted to reach $94 billion by the end of 2017. When asked about their antivirus protection, companies will usually answer that they have a product by Kaspersky, Trend Micro, McAfee, or Microsoft.

These solutions have indeed proven effective in the past, but they are becoming increasingly inefficient. In 2010, the German research institute AV-TEST estimated that there were 49 million malware programs in the wild. McAfee reported in 2011 that two million viruses were being discovered each month. In turn, Kaspersky Lab announced in 2013 that around 200,000 new malware programs were being identified and neutralized every day.

But what is truly alarming is how long it takes to even detect malware once it has been released into circulation. For instance, researchers at Kaspersky Lab in Moscow discovered in 2012 that a highly complex and hitherto unknown piece of malware called FLAME had been doing the rounds for five years already, stealing data from information systems around the world. FLAME truly represented a failure of the antivirus industry, and most likely brought the entire antivirus software era to an end.

Office 365 Exchange Online: What is This Basic Protection Good For?

Microsoft Office 365 Exchange Online offers a built-in basic security system in the Exchange Online Protection (EOP) feature. EOP has the following options:

  • Anti-spam protection
  • Spam management
  • Protection against malware
  • Transport rules
  • Reporting and logging

EOP and its market compatriots are powerless in the face of zero-day attacks. A zero-day attack involves malware that is entirely unknown to your virus protection and therefore remains undetected. This means that new solutions are necessary, i.e. the existing ones need to be expanded.

Advanced Threat Protection in Office 365 E5: How Does Advanced Protection Work?

Advanced Threat Protection (ATP) is, as the name suggests, included in the security features of the Office 365 E5 Plan and is designed to protect against malware. To do this, ATP uses the sandbox principle. Put simply, the system works like a Russian doll, installing a computer within another computer. This kind of emulation is frequently described as a virtual machine. Emails arriving in this sandbox are scanned for malware. For instance, email attachments are deliberately opened to see what happens. The actual system cannot be infected, as the malware remains enclosed in the sandbox.

Here’s an example of a cloud scenario:

source: Anton Neidel
  1. The email arrives in the incoming mail server, where it is scanned by Exchange Online Protection.
  2. ATP also scans the email for licensed users.
  3. When the system recognizes a suspicious link or content, the email is removed or the rough contents of the link are described. Naturally, the user and the admin receive a notification.

NOTE: Inform your users if you enable ATP, as the additional scan can mean that emails arrive with a delay of between three and five minutes.

OK, that’s all very well. But what happens if I have my email server on-premises? No problem! Here’s a scenario:

source: Anton Neidel

How are ATP and EOP Licensed?

How can I license Exchange Online Advanced Threat Protection (ATP) and Exchange Online Protection (EOP)?

EOP is always included in Enterprise Plans and Business Plans (provided they include Exchange Online).

ATP is part of the Enterprise 5 Plan (E5) and can also be booked as an add-on with other plans.

source: Anton Neidel