Office 365 Advanced Threat Protection for SharePoint, OneDrive and Microsoft Teams now available

Published 12-05-2017 07:47 AM 20.5K Views

When moving your organization to cloud services, security concerns add another layer of consideration; one of trust.


Security and compliance is an ongoing process, not a steady state. It is constantly maintained, enhanced, and verified by highly-skilled, experienced and trained personnel. We strive to keep software and hardware technologies up to date through robust processes. To help keep Office 365 security at the top of the industry, we use processes such as the Security Development Lifecycle; we also employ techniques that throttle traffic and prevent, detect, and mitigate breaches.


At Microsoft we continue systematic approach to disrupting attacks through eliminating weaknesses by eliminating the vectors of attack themselves by implementing architectural changes some of which leverage virtualization, containers, and other types of technologies.


In April 2015 we launched Office 365 Advanced Threat Protection to help customers secure their environment from evolving security threats providing protection against unknown malware and viruses, real time, time-of-click protection against malicious URLs, and rich reporting and URL trace capabilities.


In our continued effort to address the modern threat landscape, today we’re announcing General Availability of Office 365 Advanced Threat Protection for SharePoint, OneDrive, and Microsoft Teams.

Office 365 Advanced Threat Protection SharePoint, OneDrive, and Microsoft Teams uses signals and smart heuristics as quality indicators to identify the files within your tenant that may contain malicious content, which includes correlating the file activity signals from SharePoint, OneDrive, and Microsoft Teams within your tenant with the Microsoft Security Intelligence Graph threat feeds.


Examples of file activity signals include anonymous, company wide or explicit sharing, or activity from guest users. Threat feeds that Office 365 Advanced Threat Protection leverages include known malware in email or SharePoint, Windows Defender/Defender ATP detections, suspicious or risky logins or other indicators of irregular file activity within your tenant.


Getting Started

Office 365 Advanced Threat Protection SharePoint, OneDrive, and Microsoft Teams can be configured in the Office 365 Security and Compliance Center.


Learn more on configuring Office 365 Advanced Threat Protection for SharePoint, OneDrive, and Microsoft Teams at



Office 365 Advanced Threat Protection overview []


Advanced Threat Protection safe attachments in Office 365 []



Can I block download of infected files in Office 365?

There is a tenant level configuration that allows or blocks the download of an infected file. This configuration is leveraged by the different native user experiences that are triggered within SPO, ODB and Teams. Tenant admins can be updated using a PowerShell script. Refer to and the DisallowInfectedFileDownload parameter for additional details.


Is there a licensing requirement for ATP?

ATP is included in Office 365 Enterprise E5 and Office 365 Education A5. You can add ATP to the following Exchange and Office 365 subscription plans:

  • Exchange Online Plan 1
  • Exchange Online Plan 2
  • Exchange Online Kiosk
  • Exchange Online Protection
  • Office 365 Business Essentials
  • Office 365 Business Premium
  • Office 365 Enterprise E1
  • Office 365 Enterprise E3
  • Office 365 Enterprise F1
  • Office 365 Education A1
  • Office 365 Education A3

To buy Office 365 Advanced Threat Protection, see Office 365 Advanced Threat Protection.


To compare features across plans, see Compare Office 365 for Business plans.


Don't have it yet in any of the tenants I use, I assume it's still rolling out?

Valued Contributor
I don't see the checkbox to enable this in my first release tenant, but the alert policies are already there. Any specifics on availability?
Super Contributor

We see the checkbox but it threw an error saying it is "not in our cluster" so will try again later.




Thank you, 

Now I done enable the Office 365 Advanced Threat Protection for my tenant.


Not applicable


Just confirm to use this Advanced Threat protection do all our users in our tenant need the E5 licence or the add on?

Its not a case that 1 Global admin needs the licence just to enable this? Currently all our users have E3 plus our global admins. 




New Contributor

@Deleted, according to the information in this link:, says the following:


"Note: Advanced Threat Protection for SharePoint, OneDrive, and Microsoft Teams is not available on-premises. Advanced Threat Protection is included in Office 365 Enterprise E5. If your organization is using another Office 365 Enterprise subscription, Advanced Threat Protection can be purchased as an add-on. (As a global admin, in the Office 365 admin center, choose Billing > Add subscriptions.) " 

Frequent Contributor

The ability to prevent an infected file from being downloaded is a great improvement. Thanks for sharing this update, @Bill Baer

Occasional Visitor

Dear Team,


We have a customer whose mailboxes are hosted on-premise Exchange 2010 but they have Office365 E3 Plan and Sharepoint Online licenses are assign for all of these users. They also have Office365 Advanced Threat Protection. Currently they don't have any plans of moving mailboxes to Exchange Online, however they would like to use Office365 ATP to stop phishing email. Please let me know if this is achievable with their current infrastructure.



Version history
Last update:
‎Apr 29 2018 08:37 AM
Updated by: