Since the inception of Office 365 Advanced Threat Protection (ATP) in 2015, we have strived to provide best in class security that enhances and facilitates your end user’s productivity. To this end, we now have reached >99.9% in our malware detection effectiveness, helped secure more end users than all our competitors combined, and continued to launch a rich set of features which help protect our users while enabling enterprise productivity. Today, we take another significant step forward to protecting our Office 365 users by announcing the GA of ATP for SharePoint Online, OneDrive for Business, and Microsoft Teams.
Figure 1. Screenshot showing malicious file being detected. OneDrive and SharePoint Online web experiencing rolling out end December 2017
Integration of Office ATP with SharePoint Online, OneDrive For Business, and Microsoft Teams
Office 365 ATP has always leveraged signals and smart heuristics to identify files within your organization’s tenant that may contain malicious content as shown in Figure 1 above. Now ATP will include file activity signals from SharePoint Online, OneDrive for Business, and Microsoft Teams by leveraging collaboration events and threat feeds from the Microsoft Intelligent Security Graph as shown in Figure 2 below. For example, activity signals include anonymous, companywide or explicit sharing, or activity from guest users. The threat feeds include known malware in email or SharePoint Online, Windows Defender/Defender ATP detections, suspicious or risky logins or other indicators of irregular file activity within your tenant. With the threat feeds like known malware, Office 365 ATP identifies the related users and their activity within SharePoint Online, OneDrive for Business, and Microsoft Teams. The scope of scanning is then automatically targeted to include other types of file activity from the user (e.g. update, uploads and modify events). Files identified as malicious are blocked directly in the file stores. Office 365 ATP leverages existing user experiences within SharePoint Online, OneDrive for Business, and Microsoft Teams to block open and download of infected files.
Figure 2. Office 365 amplifying your protection
Easy Setup and Configuration
A powerful attribute of Office 365 ATP is its simple setup and configuration. As these new workloads are now secured with ATP, we have maintained the ease of setup and configuration which is a hallmark of Office ATP.
A policy option will be available under the ‘Threat Management’ -> ‘Policy’ -> ‘Safe attachments’ tab in the Security & Compliance Center (S&CC) to enable Office 365 ATP for files in SharePoint Online, OneDrive for Business, and Microsoft Teams. For further details on integration of Office ATP with SharePoint Online, OneDrive for Business, and Teams, check out our instructional page.
Also, within SharePoint Online and One Drive for Business web user experiences, there is a tenant level configuration that allows or blocks the download of an infected file. Refer to these instructions and the DisallowInfectedFileDownload parameter for additional details.
Send Us Your Feedback
We look forward to your feedback once you try ATP for SharePoint Online, OneDrive for Business, and Microsoft Teams. Office 365 ATP is not a service that is shaped by only Microsoft. It is the valuable feedback that we receive from you that enables us to continue improving and adding features that support the goal of making ATP the premiere advanced security service for Office 365. If you have not tried Office 365 Advanced Threat Protection for your organization yet, you should begin a free Office 365 E5 trial today and start securing your organization from today’s most sophisticated threats.