Office 365 Advanced Threat Protection protect the emails, and Office 365 account from undiagnosed and sophisticated attacks. The main services of this ATP are following:
- Secure mailboxes against advanced threats
- Protect users from unsafe attachments
- Guard the environment when users click on malicious links
- Provide rich reporting and track links in the email messages
The latest anti-phishing policies reintegrated within Office 365 Advanced Threat Protection, which is an add-on edition of Exchange Online Protection. It is also enclosed within the Enterprise E5 license bundle. When the anti-phishing is available in user’s tenant, this will display in the Security and Compliance Center.Note: ATP anti-phishing is just available in the Advanced Threat Protection Office 365 Enterprise E5. If any organization is operating some other Office 365 Enterprise subscription then, Advanced Threat Protection can be bought as an add-on. (To do this, As a global admin, Go to Office 365 admin center >> Billing >> Add subscriptions)
After this, the next step is to add domains to protect. Here, we are talking about the domains that user want to defend from being impersonated. Well, it is a good idea to leave the alternative to automatically add the domains are own enabled. Thus, the owned domain names are secured from impersonation. Administrators are allowed to add partner domains, or any other domains, which could be impersonated to harm the organization.In case, if the administrator wants to ensure that the email is from outside his organization then, it is not an impersonation of domains that are defined in the list of verified domains or of a partner domain.
- Redirect the message to any other email address
- Move the message to the recipient of Junk Email folder
- Quarantine message (It is user-accessible quarantine to release and view the email)
- Deliver the email message and add any other addresses for the Bcc line (it is a reasonable action if the user just need to test the new policy)
- Do not apply any action (it will still add the phishing protection tip)
There are three main tips and all are enabled by default.
Use Mailbox IntelligenceConfiguring the mailbox intelligence is the next option. This option is enabled by default. Mailbox intelligence utilizes the mailbox's normal traffic structures for better enabling of the impersonation detection to find unusual messages.
Add Trusted Sender and Domain
Next, users can add trusted senders and domains. This will let users override the anti-phishing policy for the senders to that someone knows is safe. Messages from sender email addresses and the domain’s user add as the trusted senders and domains will not ever be categorized as the impersonation-based attack. It results, the actions and settings in the policy will not be applied to the email messages from the senders and domains.
Apply Created Policy
Eventually, select the recipients for applying the policy to. There are the users, who user want to defend from receiving the phishing emails. This alternative is same as any other ATP policies and permits to generate policies that apply to:
- Specific recipients
- Recipients that are members of a group
- Recipients of a domain