• Home
  • Blog
  • Technical
  • How to configure Advanced Threat Protection (ATP) part 2: safe attachments

How to configure Advanced Threat Protection (ATP) part 2: safe attachments

Back to Blog
23Aug2018

How to configure Advanced Threat Protection (ATP) part 2: safe attachments

In the previous post, we introduced ATP and one of its key features, anti-phishing polices.  ATP is an advanced security product from Microsoft, which is included with Microsoft 365 Business, Office 365 E5, or as a separate add-on to any other subscription, for $2.00/user/month (USD). Today we will explore another feature called safe attachments. Safe attachments will essentially launch any downloadable attachment or content and execute it in a virtual machine (what they call ‘detonating’), before allowing it to go on to the end user. This sandbox environment is looking for behaviors that are unusual or abnormal, and which could represent malware. This is beyond virus scanning, folks–it is looking for zero-day threats–stuff without signatures.

WARNING: enabling this feature will cause noticeable delays in delivery of certain content/attachments. In some cases, I have seen some email messages delayed by up to 10 minutes. This is because Microsoft has to launch the attachment and perform heuristics on it before you can receive it as an end-user.

Return to the Security & Compliance Center to set it up. From Threat management > Policy choose ATP safe attachments. Estimated time to complete: 10 minutes.

Here you can start by checking the box for Turn on ATP for SharePoint, OneDrive and Microsoft Teams, but again–be forewarned. There are performance impacts to this. Now go ahead and click the + plus button to add a new policy.

First choose whether to simply Monitor this policy, straight up Block detected malware, or Replace (remove the attachment but deliver the message body without the attachment). Last option, which is newer, is Dynamic Delivery, which is basically picking Replace and delivering the message right away, but only reattaching the content if it passes the scan. This can help with those delivery delays I mentioned, but again attachments can be delayed.

No matter what you pick here, you are also going to want to elect some administrator-monitored address to which content that is flagged or stripped can be redirected. Set your conditions (e.g. domain, group, etc.) and Save the policy.

If using the Dynamic Delivery option, you may receive a warning stating that this option applies to Office 365 hosted mailboxes only (not hybrid on-premises otherwise). After you have reviewed the settings, Save again on this page.

And that is the whole config. Next time we will look at the last piece to the ATP puzzle–safe links.

 

Technical , , , , , , 0 Comments
Share:

Leave a Reply

Back to Blog

Related Posts

23May

Best Practices: Time synchronization with virtual Domain Controllers

In Hyper-V virtualization, a guest virtual machine has something called "Integration Services." By default, all of these services are pretty much enabled, including time synchronization. However, this can cause big issues if you have virtual Domain Controllers, and your physical host servers are not getting their time... read more
08Aug

Teams, SharePoint and OneDrive best practices? More like considerations… Part 1: External sharing and communication

This article is part of a series. Also see Part 2, Part 3. Ever since I released the Office 365 Email Security Checklist, I have had a lot of people asking me for similar best practices checklists related to the "other" Office 365 services--especially Teams, SharePoint... read more
19Jan

FAQ: Office 365 Exchange Online Hybrid Migrations

I think I get more traffic and questions about this topic than just about any other. A lot of people send in comments or contact requests asking about things that I know I have already written about. But, apparently I haven't done a good job... read more
21Feb

What are the benefits of using Autopilot in Microsoft 365? And, how to configure it.

Autopilot is a "low touch" or "no touch" deployment method that can be leveraged by IT departments to enable self-service computer deployments. Users can basically pick up a new Windows 10 device, sign in, and have all of their applications and data come to them... read more
02Mar

It’s all about your downtime tolerance

Before you go picking the cheapest possible IT solution that meets your business requirements, or on the other side of the equation, adding unnecessary complexity to your network, you first need to consider: What is your downtime tolerance? If you don't answer this critical question,... read more
Limitations with MDB Standalone
02Jun

What are the limitations with Microsoft Defender for Business Standalone?

Most of my readers will already be familiar with Microsoft Defender for Business (MDB), which is included with Microsoft 365 Business Premium. And a majority of those will be deploying MDB as one part of a broader security solution which includes other services within the... read more
28Nov

Three ways to protect your customer’s on-premises data with Azure: Part 2 – Azure Backup Server

In the previous post, we looked at Azure Backup using the MARS agent, which can only do file, folder & system state data, and must be configured on the local machine. As you may already be aware, there are no local backup copies in that... read more
14Mar

Office 365 Email encryption vs. Rights Management templates

This is a four-part post on Azure Rights Management for Office 365. The Azure RMS service is a powerful tool that we can use to prevent data leakage and share information securely with users inside & outside of the organization. Follow along as we explore how to: Activate Azure Rights Management... read more
17Dec

The many ways to prevent data leakage in Microsoft 365

Office 365 Data Loss Prevention (DLP), Windows Information Protection (aka Endpoint DLP), Conditional Access App Enforced Restrictions, Conditional Access App Control with Microsoft Cloud App security, Sensitivity labels, Retention labels--are you thoroughly confused yet? All of the above can help you to prevent the leakage... read more
02Nov

Is Azure Backup as good as offline backup?

I am posing this question, not just for Azure Backup, but any cloud-based backup. Here's the question: Is Azure Backup (or any cloud-based backup for that matter) as good as having an offline backup? The Benefits of Azure / Cloud Backup Certainly one of the biggest benefits of... read more

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.

Contact Me