Office 365 Advanced Threat Protection (ATP) secures more end users in Office 365 than all our competitors combined and can block >99.9% of malware.  To pair with these protection capabilities of ATP, customers have also asked for greater visibility into their environment. Today we’re excited to announce enhancements to Office 365 ATP addressing this customer need.

Reporting Enhancements for Office ATP Admins

For admins, it is critical to have threat information quickly and also representative of the latest impact of threats to the organization.  One of our enhancements to Office 365 ATP reporting is that new threat information will be offered in near real-time, viewed in an updated UI.  Threat information in the reports will update in minutes, providing the latest threat details across your Office 365 environment.  In addition to faster reporting updates, we’re also excited to launch four new types of reports which help improve the admin experience and provide crucial data on threats impacting your Office 365 environment. 

• User-reported – this report shows admins all the emails that end-users submit to Microsoft using the “Report Message’ add-in that we describe further below. The report also provides filtering by the email threat category selected by the user Figure 1. User Reported View

• Phish – this report shows all the emails that are categorized as phishing emails by the advanced machine learning models, impersonation and spoofing protection technology within ATP. The reporting metadata includes delivery status, and details regarding the attachment, header and body for these emails Figure 2. Phish View

• Content Malware – earlier this month, we expanded ATP coverage for SharePoint Online, OneDrive for Business, and Microsoft Teams. The content malware report provides information on malware that is detected and blocked in these services. Figure 3. Content Malware View

• Malware -- These new reports offer admins greater visibility and detail into the protection status of their tenant.  This added visibility tightens security for organizations, as admins can make confident policy and configuration updates to help reduce impact from the latest threats.

Figure 4. Malware View

Reporting Suspicious Messages for EOP/Office ATP Users

Many of our customers now train end-users to spot suspicious emails.  It is important to offer end-users an easy way to report suspicious emails that their security teams can analyze and quickly assess. The ‘Report message’ add-in makes this very easy for customers.  To activate the add-in, follow these instructions. End-users can report suspicious emails directly to Microsoft so that we can quickly update and enhance our protection capabilities.  Emails can be reported as either ‘junk’ or ‘Phish’. Additionally, this feature is coupled with the powerful ‘User-Reported’ view.  Now admins have visibility into emails that users consider suspicious.  This visibility is crucial and enables admins to understand:

• The variety and volume of threats potentially missed
• Which emails to immediately quarantine
• If end-user training is effective and which users may need further training(with tools like Office 365 Threat Intelligence’s new Attack Simulator feature)
• That Microsoft directly receives potentially malicious messages and rapidly broadens its scope of protection with near real-time user feedback

Ultimately, greater telemetry strengthens the ability to mitigate threats.  With the new ‘Report Message’ add-in, Microsoft has enabled near real-time access to threats, leveraging the scale of our customers end-users broadening our telemetry and improving the protection of Office 365. 

Send Us Your Feedback

We look forward to your feedback once you experience the new ‘Report Message’ add-in and the updates to ATP reporting.  Your valuable feedback enables us to continue improving and adding features that support the goal of making ATP the premiere advanced security service for Office 365.  If you have not tried Office 365 Advanced Threat Protection for your organization yet, you should begin a free Office 365 E5 trial today and start securing your organization from today’s most sophisticated threats.