02-05-2018 01:28 PM - edited 02-05-2018 01:31 PM
02-05-2018 01:28 PM - edited 02-05-2018 01:31 PM
Office 365 Advanced Threat Protection (ATP) secures more end users in Office 365 than all our competitors combined and can block >99.9% of malware. To pair with these protection capabilities of ATP, customers have also asked for greater visibility into their environment. Today we’re excited to announce enhancements to Office 365 ATP addressing this customer need.
Reporting Enhancements for Office ATP Admins
For admins, it is critical to have threat information quickly and also representative of the latest impact of threats to the organization. One of our enhancements to Office 365 ATP reporting is that new threat information will be offered in near real-time, viewed in an updated UI. Threat information in the reports will update in minutes, providing the latest threat details across your Office 365 environment. In addition to faster reporting updates, we’re also excited to launch four new types of reports which help improve the admin experience and provide crucial data on threats impacting your Office 365 environment.
Reporting Suspicious Messages for EOP/Office ATP Users
Many of our customers now train end-users to spot suspicious emails. It is important to offer end-users an easy way to report suspicious emails that their security teams can analyze and quickly assess. The ‘Report message’ add-in makes this very easy for customers. To activate the add-in, follow these instructions. End-users can report suspicious emails directly to Microsoft so that we can quickly update and enhance our protection capabilities. Emails can be reported as either ‘junk’ or ‘Phish’. Additionally, this feature is coupled with the powerful ‘User-Reported’ view. Now admins have visibility into emails that users consider suspicious. This visibility is crucial and enables admins to understand:
Ultimately, greater telemetry strengthens the ability to mitigate threats. With the new ‘Report Message’ add-in, Microsoft has enabled near real-time access to threats, leveraging the scale of our customers end-users broadening our telemetry and improving the protection of Office 365.
Send Us Your Feedback
We look forward to your feedback once you experience the new ‘Report Message’ add-in and the updates to ATP reporting. Your valuable feedback enables us to continue improving and adding features that support the goal of making ATP the premiere advanced security service for Office 365. If you have not tried Office 365 Advanced Threat Protection for your organization yet, you should begin a free Office 365 E5 trial today and start securing your organization from today’s most sophisticated threats.
02-06-2018 03:26 AM
02-06-2018 07:20 AMSolution
We often report messages from shared mailboxes that receive junk \ phishing email but it looks like the new report message add-in does not work for this situation with attached error message. Is there a way to enable the feature for this situation? Otherwise we are really looking forward to using this feature in our organization.
02-06-2018 08:33 AM
No. You will still have the junk mail folder. This is in the event your end user believes and email that lands in the inbox should have been something that landed in junk.
02-06-2018 08:40 AM
I think the question was will this new add-in replace Microsoft's previous one located here? Which I'm wondering about as well.
02-13-2018 03:22 PM
Do all of these features - including the real-time reports and the 'Report message’ add-in - require E5 licensing?
02-14-2018 12:14 AM
The ATP real time reports are available with a Standalone ATP license or with an Office 365 E5 license. The 'Report Message' is for any Office 365 license. Thanks.
02-22-2018 06:10 AM
On the following page about how to "Use the Report Message add-in" "https://support.office.com/en-us/article/use-the-report-message-add-in-b5caa9f1-cdf3-4443-af8c-ff724..." towards the bottom under "tips" it states "If you're using an Exchange server email account, your Exchange administrator may have chosen one of these settings for you. If so, you can't reset the option yourself." - to me this implies we the administrators are able to control the settings for options in the report message add-in. But I'm not able to find any instructions or information on how I would configure this and force options for our users which we would like to do in our environment. Is this actually possible or if not, something that could be added at some point?
02-22-2018 02:11 PM
02-22-2018 04:53 PM
No. We're working on a way to actually provide a response to customers, but that is not available yet.
02-23-2018 07:04 AM
Can you link us to a roadmap entry so that we can track availability?
02-26-2018 05:53 PM
Apologies. I am not sure why this was left off the message center post. There is no roadmap item attributed to the add-in. However, for the reports, the roadmap entry is called: "Office 365 ATP Enhanced Reporting". Thank you.
02-28-2018 03:34 PM
Will the Report Message add-in provide options to submit malicious URL's not detected by SafeLinks?
05-26-2018 10:29 PM
11-12-2018 12:24 PM
Is it possible if I, as a tenant admin, can see the reports in my user-reported view submitted by another tenant's user? Like say, if one of my users were impersonated and sent out a phishing email to another user from another organization, and that said user then reports the Phishing email seemingly coming from *my* user, would that appear in my user-reported view?