Users targeted by phish & malware campaign


Hi,

I have ATP, and under Office 365 security and compliance I see reports showing users are being targeted by a phish campaign and a malware campaign, and it shows the users which are affected by it. I have 3 questions here then:

1) If the ATP is able to detect that they were a part of a phish and malware campaign, why didn't it stop it?

2) And what security measures can I take now to prevent this?

3) Which ATP will be best, as there is one under Exchange admin centre and one under security and compliance? Which one will take precedence?


Thanks.

1 Reply

@Nick777 In general, ATP is not just showing data but also helps you to investigate, so in Microsoft 365 it will take some actions automatically, like blocking or placing them into the junk folder, and you could use ATP to investigate and see whether the actions are working as expected and investigate the incident.

1) In most cases, the attack has been stopped and ATP reports it, but it also depends on your configuration.

2) You will need to look into the ATP dashboard for more details.

3) You have to start from the ATP report, then investigate and, depending on the attack, take action.

I would recommend you take a look at:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/campaigns