ATP in Office 365 E5
What’s it All About?

  • Anton Neidel
  • Publisher Advisory, Managed Security
  • ATP, Office 365, Microsoft

These endless acronyms! Every company uses them, and the Microsoft universe is jam-packed with them as well. For instance, we may encounter product acronyms like SPE and EMS, or abbreviated features like the one in today’s topic: ATP, or Advanced Threat Protection. It is a security feature in the Office 365 E5 Plan. Anton Neidel explains what functions the ATP in Office 365 E5 provides and how it works.

My previous article on the Office 365 E5 Plan touched on this particular feature. The term E5 will probably make you think immediately of communication. But besides this feature, there are other areas that receive a lot of attention – analysis and security.

Hard Facts About Security Vulnerabilities

Let’s start things off with a short story.

[Figure: Security vulnerability scenario, source: Anton Neidel]

The world is changing, and IT is no different. So it’s only logical that security requirements are evolving as well. A study by the Gartner Group reveals that $20 billion was spent on security software in 2012. This number is predicted to reach $94 billion by the end of 2017. When asked about their antivirus protection, companies will usually answer that they have a product by Kaspersky, TrendMicro, McAfee, or Microsoft.

These solutions have indeed proven effective in the past, but they are becoming increasingly inefficient. In 2010 the German research institute AV-TEST estimated that there are 49 million malware programs in the wild. McAfee reported in 2011 that two million viruses are discovered each month. In turn, Kaspersky Lab announced in 2013 that around 200,000 new malware programs are identified and neutralized every day.

But what is truly alarming is how long it takes to even detect malware once it has been released into circulation. For instance, researchers at Kaspersky Lab in Moscow discovered in 2012 that a highly complex and hitherto unknown piece of malware called FLAME had been doing the rounds for five years already, stealing data from information systems around the world. FLAME truly represented a failure of the antivirus industry, and most likely brought the entire antivirus software era to an end.

Office 365 Exchange Online: What is This Basic Protection Good For?

Microsoft Office 365 Exchange Online offers a built-in basic security system in the Exchange Online Protection (EOP) feature. EOP has the following options:

  • Anti-Spam protection
  • Spam management
  • Protection against malware
  • Transport rules
  • Reporting and logging

EOP and its market compatriots are powerless in the face of zero-day attacks. A zero-day attack describes malware that is entirely unknown to your virus protection and therefore remains undetected. This means that new solutions are necessary, i.e. the existing ones need to be expanded.

Advanced Threat Protection in Office 365 E5: How Does Advanced Protection Work?

Advanced Threat Protection (ATP) is, as the name suggests, included in the security features of the Office 365 E5 Plan and is designed to protect against malware. To do so, ATP uses the sandbox principle. Put simply, the system works like a Russian doll, installing a computer within another computer. This kind of emulation is frequently described as a virtual machine. Emails arriving in this sandbox are scanned for malware. For instance, email attachments are deliberately opened to see what happens. The actual system cannot be infected, as the malware remains enclosed in the sandbox.

Here’s an example of a cloud scenario:

[Figure: Office 365 E5 ATP scenario, source: Anton Neidel]

  1. The email arrives in the incoming mail server, where it is scanned by Exchange Online Protection.
  2. ATP also scans the email for licensed users.
  3. When the system recognizes a suspicious link or content, the email is removed or the rough contents of the link are described. Naturally, the user and the admin receive notification.

NOTE: inform your users if you enable ATP, as the additional scan can mean that emails arrive with a delay of between three and five minutes.
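
One way to switch on the attachment scan from steps 1 to 3 for licensed users only, while softening the delay mentioned in the note. This is an added example, not part of the original article. It uses the Exchange Online PowerShell cmdlets for ATP Safe Attachments; the policy name and the group `ATP-Licensed-Users` are placeholders.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed,
# the account may manage ATP policies, and the tenant holds ATP licenses.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$policyName    = 'ATP-Attachments-Example'   # placeholder policy/rule name
$licensedGroup = 'ATP-Licensed-Users'        # placeholder group holding the ATP-licensed users

# Create the policy only if it is missing, so the script can be re-run safely.
if (-not (Get-SafeAttachmentPolicy | Where-Object Name -eq $policyName)) {
    # DynamicDelivery hands the message body to the user straight away and
    # re-attaches the files once the sandbox scan has finished.
    # Use -Action Block instead to hold the whole message until the scan is done.
    New-SafeAttachmentPolicy -Name $policyName `
        -Enable $true `
        -Action DynamicDelivery
}

# The rule decides who the policy applies to. Scoping it to the licensed group
# keeps scanning in line with "ATP scans the email for licensed users".
if (-not (Get-SafeAttachmentRule | Where-Object Name -eq $policyName)) {
    New-SafeAttachmentRule -Name $policyName `
        -SafeAttachmentPolicy $policyName `
        -SentToMemberOf $licensedGroup
}

# Verify what is actually configured before telling users about the change.
Get-SafeAttachmentPolicy -Identity $policyName |
    Format-List Name, Enable, Action
Get-SafeAttachmentRule -Identity $policyName |
    Format-List Name, State, SafeAttachmentPolicy, SentToMemberOf
```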

Ok, that’s all very well. But what happens if I have my email server on-premises? No problem! Here’s a scenario:

[Figure: Office 365 ATP on-premises scenario, source: Anton Neidel]

How are ATP and EOP Licensed?

How can I license Exchange Online Advanced Threat Protection (ATP) and Exchange Online Protection (EOP)?

EOP is always included in Enterprise Plans and Business Plans (provided they include Exchange Online).

ATP is part of the Enterprise 5 Plan (E5) and can also be booked as an add-on with other plans.

[Figure: Office 365 ATP licensing, source: Anton Neidel]

  • Wednesday 24 May 2017

Author

Anton Neidel, Technology Solutions Professional

Security Specialist and SoftwareONE Blog Guest Author