Advanced Threat Protection

The Quick and Easy Way to Enable Advanced Threat Protection in Microsoft 365

As more of the workforce connects from home, there has been a spike in usage of remote productivity services. Many organizations are giving Microsoft Office 365 subscriptions to all of their staff, who are using more collaboration tools such as Outlook, OneDrive, SharePoint, and Teams.

Unfortunately, this is creating new security vulnerabilities, with more untrained workers being attacked by malware or ransomware through attachments, links, or phishing attacks.

This article will provide you with an overview of how Microsoft Office 365 Advanced Threat Protection (ATP) can help protect your organization, along with links to help you enable each service.

ATP is included in the Microsoft Office 365 Business Premium, Enterprise E5, and Education A5 subscriptions, but it can be added to almost any subscription.

What is Advanced Threat Protection?

Microsoft Office 365 now comes with the Advanced Threat Protection service, which secures emails, attachments, and files by scanning them for threats. This cloud service applies machine learning, trained on the millions of mailboxes it protects, to proactively detect and resolve common attacks. The technology has also been extended beyond email to protect many other components of the Microsoft Office suite. In addition to ATP leveraging Microsoft’s global knowledge base, your organization can use ATP to create your own policies, investigate unusual activity, simulate threats, automate responses, and view reports.


Safe Links

Microsoft Office 365 ATP helps your users determine whether a link is safe when using Outlook, Teams, OneNote, Word, Excel, PowerPoint, and Visio. Malicious or misleading links are a common method for hackers to direct unsuspecting users to a site that can steal their information. These emails are often disguised to look like they are coming from a manager or the IT staff within the company. ATP will automatically scan links in emails and cross-reference them against a public or customized list of dangerous URLs. If a user tries to click on a malicious link, ATP will give them a warning so that they understand the risk if they continue to the website.

How to enable ATP Safe Links

Safe Attachments

One of the most common ways your users will get attacked is by opening an attachment that is infected with malware. When the file is opened, it could execute a script that steals passwords or locks up the computer unless a ransom is paid, in what is commonly known as a ransomware attack. ATP will automatically scan all attachments to determine whether they contain any known virus. You and your users will be notified about anything suspicious to help you avoid any type of infection.

How to enable ATP Safe Attachments

Anti-Phishing Policies

When ATP anti-phishing is enabled, all incoming messages will be analyzed for possible phishing attacks. Microsoft Office 365 uses cloud-based AI to look for unusual or suspicious message elements, such as mismatched descriptions, links, or domains. Whenever an alert is triggered, the user is immediately warned, and the alert is logged so that it can be reviewed by an admin.

How to enable ATP anti-phishing

Real-Time Detection & Reports

Approved users will have access to the ATP dashboard along with reports about recent threats. These reports contain detailed information about malware, phishing attacks, and submissions. The Malware Status Report lets you see malware detected by type and method, and the status of each message with a threat. The URL Protection Status Report displays the number of threats discovered for each hyperlink or application and the resulting action taken by a user. The ATP Message Disposition report shows the different types of malicious file attachment actions in messages. The Email Security Reports include details about the top senders, recipients, spoofed mail, and spam detections.

How to view all the various ATP reports. Note: there are some more advanced reports which must be triggered through a PowerShell cmdlet.

Threat Explorer

Another important component of ATP is Threat Explorer, which allows admins or authorized users to get real-time information about active threats in the environment through a GUI console. It allows you to preview an email header and download an email body; for privacy reasons, this is only permitted if permission is granted through role-based access control (RBAC). You can then trace any copies of this email throughout your environment to see whether it has been routed, delivered, blocked, replaced, failed, dropped, or junked. You can even view a timeline of the email to see how it has been accessed over time by recipients in your organization. Some users can even report suspicious emails, and you can use this dashboard to view these messages.

How to enable ATP Threat Explorer

Threat Tracker

Microsoft Office 365 leverages its broad network of endpoints to identify and report on global attacks. Administrators can add any Threat Tracker widgets they want to follow to their dashboard through the ATP interface. This allows you to track major threats attacking your region, industry, or service type.

How to enable ATP Threat Tracker

Automated Incident Response

Another great security feature from Microsoft Office 365 ATP is the ability to automatically investigate well-known threats. Once a threat is detected, the Automated Incident Response (AIR) feature will try to categorize it and start remediating the issue based on industry-standard best practices. This could include providing recommendations, quarantining, or deleting the infected file or message.

How to use Automated Incident Response (AIR)

Attack Simulator

One challenge that many organizations experience when developing a protection policy is their inability to test how their users would actually respond to an attempted attack. The ATP Attack Simulator is a utility that authorized administrators can use to create artificial phishing and password attacks. These fake email campaigns try to identify and then educate vulnerable users by convincing them to perform an action that could expose them to a hacker. This utility can run a Spear Phishing Campaign, a Brute Force Attack, or a Password Spray Attack.

How to enable the ATP Attack Simulator

This suite of different tools, widgets, and simulators can help admins protect their remote workforce from the latest attacks. Microsoft has used its artificial intelligence capabilities to learn how millions of mailboxes are sharing information, and uses this to harden the security of its entire platform.
