ATP in Office 365 E5: What’s it all about?

These endless acronyms! Every company uses them, and the Microsoft universe is jam-packed with them as well. For instance, we may encounter product acronyms like SPE and EMS, or abbreviated features like the one in today’s topic: ATP, or Advanced Threat Protection. It is a security feature in the Office 365 E5 Plan. Anton Neidel explains what functions ATP in Office 365 E5 provides and how it works.

An article by Anton Neidel, Technical Solution Professional Cyber Security at Microsoft

Anton Neidel, Sales Executive at COMPAREX

My previous article on the Office 365 E5 Plan touched on this particular feature. The term E5 will probably make you think immediately of communication. But besides this feature, there are other areas that receive a lot of attention – analysis and security.

Hard facts about security vulnerabilities

Let’s start things off with a short story.

The world is changing, and IT is no different. So it’s only logical that security requirements are evolving as well. A study by the Gartner Group reveals that $20 billion was spent on security software in 2012. This number is predicted to reach $94 billion by the end of 2017. When asked about their antivirus protection, companies will usually answer that they have a product by Kaspersky, TrendMicro, McAfee, or Microsoft.

These solutions have indeed proven effective in the past, but they are becoming increasingly inefficient. In 2010, the German research institute AV-TEST estimated that there were 49 million malware programs in the wild. McAfee reported in 2011 that two million viruses were being discovered each month. In turn, Kaspersky Lab announced in 2013 that around 200,000 new malware programs were being identified and neutralized every day.

But what is truly alarming is how long it takes to even detect malware once it has been released into circulation. For instance, researchers at Kaspersky Lab in Moscow discovered in 2012 that a highly complex and hitherto unknown piece of malware called FLAME had been doing the rounds for five years already, stealing data from information systems around the world. FLAME truly represented a failure of the antivirus industry, and most likely brought the entire antivirus software era to an end.

Office 365 Exchange Online: What is this basic protection good for, and where are its limits?

Microsoft Office 365 Exchange Online offers a built-in basic security system in the Exchange Online Protection (EOP) feature. EOP has the following options:

  • Antispam protection
  • Spam management
  • Protection against malware
  • Transport rules
  • Reporting and logging

EOP and its market compatriots are powerless in the face of zero-day attacks. A zero-day attack involves malware that is entirely unknown to your virus protection and therefore remains undetected. This means that new solutions are necessary, i.e. the existing ones need to be expanded.

Advanced Threat Protection in Office 365 E5: how does advanced protection work?

Advanced Threat Protection (ATP) is, as the name suggests, included in the security features of the Office 365 E5 Plan and is designed to protect against malware. To do this, ATP uses the sandbox principle. Put simply, the system works like a Russian doll, installing a computer within another computer. This kind of emulation is frequently described as a virtual machine. Emails arriving in this sandbox are scanned for malware. For instance, email attachments are deliberately opened to see what happens. The actual system cannot be infected, as the malware remains enclosed in the sandbox.

Here’s an example of a cloud scenario:
[Figure: Office 365 E5 ATP scenario]

  1. The email arrives in the incoming mail server, where it is scanned by Exchange Online Protection.
  2. ATP also scans the email for licensed users.
  3. When the system recognizes a suspicious link or content, the email is removed or the rough contents of the link are described. Naturally, the user and the admin receive a notification.

NOTE: inform your users if you enable ATP, as the additional scan can mean that emails arrive with a delay of between three and five minutes.

Ok, that’s all very well. But what happens if I have my email server on-premises? No problem! Here’s a scenario:

[Figure: Office 365 ATP on-premises scenario]

How are ATP and EOP licensed?

How can I license Exchange Online Advanced Threat Protection (ATP) and Exchange Online Protection (EOP)?

EOP is always included in Enterprise Plans and Business Plans (provided they include Exchange Online).

ATP is part of the Enterprise 5 Plan (E5) and can also be booked as an add-on with other plans.

[Figure: Office 365 ATP licensing]

Leipzig, 24.05.2017
