Microsoft Ignite Session Recap and Feature Updates for Office 365 Advanced Threat Protection
Published Oct 03 2017 08:03 AM 15.1K Views

Last week at Microsoft Ignite, we made several announcements on new and exciting features that will be launching in Office 365 Advanced Threat Protection (ATP).  As many organizations now are fully immersed in their digital transformation journey, we shared how ATP leverages threat signal from the Microsoft Intelligent Security Graph (figure 1).  This signal is harnessed from over 1 billion windows devices, 18+ billion Bing web pages, 450 billion Azure user authentications, 200+ global cloud consumer and commercial services, and 400 billion monthly emails scanned in Office 365.

Figure 1. Leveraging Threat Signal from the Microsoft Intelligent Security GraphFigure 1. Leveraging Threat Signal from the Microsoft Intelligent Security Graph


By leveraging this threat signal, Office ATP announced an unprecedented 99.9% catch rate for malware. As we further tune our effectiveness for catching malware, we will continue to rely on our unmatched breadth and depth of signal provided by the Intelligent Security Graph.  These detection capabilities with Office 365 ATP are being leveraged by our rapidly growing customer base. Office 365 ATP now serves more customers than all other advanced security vendors combined while serving three times as many end users as our nearest competitor.


Office ATP vs. CompetitorsOffice ATP vs. Competitors


At Ignite we also did a deep dive on the different methods threat actors use to compromise end users in Office 365.  Below, we summarize the variety and sophistication of threats that are seen and stopped on a daily basis within Office 365.





Malware Types Launched at Office 365Malware Types Launched at Office 365


ATP Feature Updates

During our conference session, we demonstrated both existing and upcoming new features which will further expand the protection capabilities of ATP.


Safe Links: Many users have relied on the time of click protection of Safe Links to protect end users from sophisticated threats in the form of links in emails.  Now Safe Links can be enabled for internal emails to protect users from malicious links being sent within the organization.  We also introduced enhancements to URL detonation to determine phishing links within several types of documents including PDFs.  URL detonation combines the file detonation technology of Safe Attachments with the time of click protection of Safe Links to flag malicious linked-to files in the body of emails. With enhanced URL detonation, ATP now extends protection to malicious links embedded in documents. To expand Safe Links coverage of potentially malicious links, we have enabled deeper integration with Windows 10, which will enhance ATP's anti-phish protection capabilities.  Later this year, we will enable Safe Links for Office Clients on both the iOS and Android platforms.  Addtionally, the end user experience will also greatly improve in Safe Links as we will be rolling out Native Link Rendering in the coming weeks, which will allow users to see the original URL when they hover over a link. 


Safe Attachments: Safe Attachments now shares data in real-time with endpoints protected by Windows Defender AV and Windows Defender ATP by leveraging the Microsoft Intelligent Security Graph. Detections on the end points are used to protect Office 365 and detections in Office 365 are used to protect endpoints.  This powerful integration between platforms will not only help protect users from attacks on corporate assets and email, but also from attacks through personal email or social media accounts.  


We are also adding a new Document Preview feature which enables users to read the content of an attachment while it is being scanned.  Additionally, the user can interact with the preview document as they would with the real document having the ability to make edits or changes to the document.

 Integration with WDAV/WDATP and Safe Attachments Document PreviewIntegration with WDAV/WDATP and Safe Attachments Document Preview

ATP Expanded Protection 

Earlier this year, we expanded ATP coverage to Office 365 Proplus Desktop Clients which offers ATP security for Word, Excel, PowerPoint, and Visio documents.  During Ignite, we also announced the expansion of ATP for files stored in SharePoint Online, OneDrive For Business, and on Microsoft Teams.  This protection across additional workloads includes:


  • Securing the organization from malicious content using a combination or reputation filters, advanced machine learning, inspection and detonation capabilities
  • Using smart heuristics to determine when to apply detonation
  • Leveraging the power of shared signals across Office 365 workloads enabling deeper protection from malware and 

This added protection will help secure organizations from scenarios such as file sharing from OneDrive For Business or SharePoint Online across mobile, and web and OneDrive syncs with client end points.  This protection also extends to files in conversations, sent via email to channels or uploaded via Teams web, desktop and mobile clients. Our goal with Office 365 Advanced Threat Protection has always been to provide the most robust and comprehensive security for your Office 365 environment, and with ATP's expansion to these new workloads, we are even closer to our goal.


ATP Protecting SharePoint OnlineATP Protecting SharePoint Online


ATP Administrator Rich Reporting Updates

Earlier this year, we launched features which enhanced the admin experience providing more control and visibility for Office 365 ATP including:


  • Support for Quarantine of Malware and Phish messages to allow administrators to review and release any mails wrongly classified.
  • Increased Safe links policy controls on Safe links to customize it for your organization.
  • Created “Threat Protection Status” report to provides a comprehensive view of all malicious content detected across EOP and ATP features

During our Ignite session, we announced the following capabilities that will be launching soon and will further empower and help admins be even more efficient:


  • Security Dashboard with cloud intelligence powered insights which will enable administrators to manage their EOP and ATP features from a single pane
  • Increased visibility using near real time reports on malware and phish campaigns with advanced filtering capabilities.
  • Visibility into user submitted messages so that administrators can understand and respond to new threats impacting their organization


ATP DashboardATP Dashboard


The full broadcast of last week's Ignite session can be seen here.  If you are not already leveraging the capabilities of ATP, begin an Office 365 E5 trial to tyr it out, or begin securing your organization with ATP today.  As always, we would love to hear your feedback as we continue on our journey to ensure all our customers are protected from today's most advanced and sophisticated threats with Office 365 Advanced Threat Protection.

1 Comment
Version history
Last update:
‎May 11 2021 01:54 PM
Updated by: