Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
Get the most out of Office 365 ATP in the shift to remote work
Published May 04 2020 10:15 AM 8,667 Views

It’s never been more critical that employees and the partners they collaborate with can work remotely and stay more secure. In the months leading up to this monumental shift, phishing and malware attacks were at the top of the list of cybersecurity threats. Now, attackers are capitalizing on fear, leveraging this time of uncertainty and change as an opportunity. Phishing and malware attacks are on the rise, many of which now include COVID-19 related lures. In the circumstances we are living through, these threats continue to be some of the most considerable risks to organizations. 


What’s available to you today

Office 365 Advanced Threat Protection provides industry-leading protection for all of Office 365. This includes protection against phishing and malware for Exchange, SharePoint, Teams, OneDrive, and Office applications.  O365 ATP is built-in to Office 365, so you won’t need multiple solutions to maintain a threat protection solution for email and collaboration.

If you’ve got our P2 license, you have access to our post-breach capabilities, which include hunting, automated investigation, and response capabilities, as well as Attack Simulator which provides end-user training simulations.


Guidance for rapid onboarding

Office 365 ATP provides a variety of threat protection features for your organization. Many of these can be enabled quickly with little impact to your users. Remember that you can extend phishing and malware protection beyond the mailbox, to SharePoint, OneDrive, Teams, and Office, with a single click. For guidance on configuring these policies, such as Safe Links and Safe Attachments, visit our Protect against threats documentation.  If you need additional help, our FastTrack service is free for all Office 365 ATP customers, and is extending coverage in support of COVID-19 response efforts. Visit the FastTrack site to request assistance.


Our recommendations

Across the Office 365 service we see that misconfigurations cause 20% of phishing emails to be delivered to users’ inboxes. In this critical time, review your configurations to ensure that your organization is protected. If a portion of your users have transitioned to remote work, ensure that your existing configurations support this change safely, and that you haven’t broadened your attack surface more than is necessary. The O365 ATP Recommended Configuration Analyzer (ORCA) can help you review your configurations and ensure that you are maintaining a secure posture.

We’ve also published recommended settings in both a standard and strict variant. Each customer's environment and needs are different, but we believe that these levels of mail filtering configurations will help prevent unwanted mail from reaching your employees' inbox in most situations.

Visualize the threats to your organization with Campaign Views and view the full story of how attackers targeted your users and how your defenses handled the threats. Armed with this information, security teams can more rapidly remediate compromised users, improve security posture, and hunt and track threats. Learn more about Campaign Views here.


Microsoft is here to help

In case of a security incident, Microsoft incident response (IR) services are available through the Microsoft Detection and Response Team (DART). DART provides both reactive incident response and pro-active cyber-resilient services, some delivered remotely and some on-site. The team responds to security incidents and helps customers and partners around the world. You can reach out to your Microsoft Account Manager, Technical Account Manager, or Premier Support contact if you need help from DART.

To learn more about what Microsoft is doing to address the current threat landscape, view our recent blog post on threat intelligence here.


At Microsoft, we understand that securing a remote workforce poses unique challenges. We’re committed to helping customers protect their users and resources, empower their security teams, and focus on what’s most important during this unprecedented time.







Version history
Last update:
‎May 04 2020 10:12 AM
Updated by: