Office 365 Advanced Threat Protection for SharePoint, OneDrive and Microsoft Teams now available
Published Dec 05 2017 07:47 AM 27K Views

When moving your organization to cloud services, security concerns add another layer of consideration; one of trust.


Security and compliance is an ongoing process, not a steady state. It is constantly maintained, enhanced, and verified by highly-skilled, experienced and trained personnel. We strive to keep software and hardware technologies up to date through robust processes. To help keep Office 365 security at the top of the industry, we use processes such as the Security Development Lifecycle; we also employ techniques that throttle traffic and prevent, detect, and mitigate breaches.


At Microsoft we continue systematic approach to disrupting attacks through eliminating weaknesses by eliminating the vectors of attack themselves by implementing architectural changes some of which leverage virtualization, containers, and other types of technologies.


In April 2015 we launched Office 365 Advanced Threat Protection to help customers secure their environment from evolving security threats providing protection against unknown malware and viruses, real time, time-of-click protection against malicious URLs, and rich reporting and URL trace capabilities.


In our continued effort to address the modern threat landscape, today we’re announcing General Availability of Office 365 Advanced Threat Protection for SharePoint, OneDrive, and Microsoft Teams.

Office 365 Advanced Threat Protection SharePoint, OneDrive, and Microsoft Teams uses signals and smart heuristics as quality indicators to identify the files within your tenant that may contain malicious content, which includes correlating the file activity signals from SharePoint, OneDrive, and Microsoft Teams within your tenant with the Microsoft Security Intelligence Graph threat feeds.


Examples of file activity signals include anonymous, company wide or explicit sharing, or activity from guest users. Threat feeds that Office 365 Advanced Threat Protection leverages include known malware in email or SharePoint, Windows Defender/Defender ATP detections, suspicious or risky logins or other indicators of irregular file activity within your tenant.


Getting Started

Office 365 Advanced Threat Protection SharePoint, OneDrive, and Microsoft Teams can be configured in the Office 365 Security and Compliance Center.


Learn more on configuring Office 365 Advanced Threat Protection for SharePoint, OneDrive, and Microsoft Teams at



Office 365 Advanced Threat Protection overview []


Advanced Threat Protection safe attachments in Office 365 []



Can I block download of infected files in Office 365?

There is a tenant level configuration that allows or blocks the download of an infected file. This configuration is leveraged by the different native user experiences that are triggered within SPO, ODB and Teams. Tenant admins can be updated using a PowerShell script. Refer to and the DisallowInfectedFileDownload parameter for additional details.


Is there a licensing requirement for ATP?

ATP is included in Office 365 Enterprise E5 and Office 365 Education A5. You can add ATP to the following Exchange and Office 365 subscription plans:

  • Exchange Online Plan 1
  • Exchange Online Plan 2
  • Exchange Online Kiosk
  • Exchange Online Protection
  • Office 365 Business Essentials
  • Office 365 Business Premium
  • Office 365 Enterprise E1
  • Office 365 Enterprise E3
  • Office 365 Enterprise F1
  • Office 365 Education A1
  • Office 365 Education A3

To buy Office 365 Advanced Threat Protection, see Office 365 Advanced Threat Protection.


To compare features across plans, see Compare Office 365 for Business plans.

Version history
Last update:
‎Apr 29 2018 08:37 AM
Updated by: