What is ATP & Features that ATP Provides for Security

What is ATP? 

ATP, or Advanced Threat Protection, refers to a category of security solutions that defend against complicated and advanced cyber threats. ATP can be available in the form of software and managed services. These solutions are typically employed to provide enhanced security against various types of online threats that other traditional security solutions cannot detect.

Every Office 365 subscription comes with security capabilities. The goals and actions that you can take depend on the focus of these different subscriptions. In Office 365 security, there are three main security services (or products) tied to your subscription type: 

  • Exchange Online Protection (EOP) 
  • Microsoft Defender for Office 365 Plan 1 (Defender for Office P1)
  • Microsoft Defender for Office 365 Plan 2 (Defender for Office P2)

Office 365 security builds on the core protections offered by EOP. EOP is present in any subscription where Exchange Online mailboxes can be found (remember, all the security products discussed here are cloud-based).

You may be accustomed to seeing these three components discussed in this way:

  • EOP: Prevents broad, volume-based, known attacks.
  • Microsoft Defender for Office 365 Plan 1: Protects email and collaboration from zero-day malware, phish, and business email compromise.
  • Microsoft Defender for Office 365 Plan 2: Adds post-breach investigation, hunting, and response, as well as automation, and simulation (for training).

In Terms of Architecture:

[Image: "office 365 security"]


What are the benefits of Microsoft Defender for Office 365?

The advantage of adding Microsoft Defender for Office 365 plans over pure EOP threat management can be difficult to tell at first glance. To help sort out if an upgrade path is right for your organization, let's look at the capabilities of each product when it comes to:

  • Preventing and Detecting Threats 
  • Investigating 
  • Responding

Capabilities of the Product

Preventing & Detecting Threat

Exchange Online Protection (EOP):

  • Spam
  • Phish
  • Malware
  • Bulk Mail
  • Spoof Intelligence
  • Impersonation Detection
  • Admin Quarantine
  • Admin and User Submissions of False Positives and False Negatives
  • Allow/Block for URLs and Files
  • Reports

Microsoft Defender Plan 1: Technologies include everything in EOP plus:

  • Safe attachments
  • Safe links
  • Microsoft Defender for Office 365 protection for workloads (ex. SharePoint Online, Teams, OneDrive for Business)
  • Time-of-click protection in email, Office clients, and Teams
  • Anti-phishing in Defender for Office 365
  • User and domain impersonation protection
  • Alerts, and SIEM integration API for alerts

Microsoft Defender Plan 2: Technologies include everything in EOP, and Microsoft Defender for Office 365 P1

Investigate

Exchange Online Protection (EOP):

  • Audit Log Search
  • Message Trace

Microsoft Defender Plan 1:

  • SIEM Integration API For Detections
  • Real-time Detections Tool
  • URL trace

Microsoft Defender Plan 2:

  • Threat Explorer
  • Threat Trackers
  • Campaign views

Respond

Exchange Online Protection (EOP):

  • Zero-hour Auto Purge (ZAP)
  • Refinement and Testing of Allow and Block lists

Microsoft Defender Plan 1:

  • Zero-hour Auto Purge (ZAP)
  • Refinement and Testing of Allow and Block lists

Microsoft Defender Plan 2:

  • Automated Investigation and Response (AIR)
  • AIR from Threat Explorer
  • AIR for compromised users
  • SIEM Integration API for Automated Investigations

Microsoft Defender Plan 1 VS Microsoft Defender Plan 2

  • Microsoft Defender Plan 1: Configuration, protection, and detection capabilities.
  • Microsoft Defender Plan 2: Defender for Office 365 Plan 1 capabilities, plus automation, investigation, remediation, and education capabilities.


  • Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5. 

  • Microsoft Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium. 

  • Microsoft Defender for Office 365 Plan 1 and Defender for Office 365 Plan 2 are each available as an add-on for certain subscriptions. To learn more, see Feature availability across Microsoft Defender for Office 365 plans.

  • The Safe Documents feature is only available to users with the Microsoft 365 A5 or Microsoft 365 E5 Security licenses (not included in Microsoft Defender for Office 365 plans). 

  • If your current subscription doesn't include Microsoft Defender for Office 365 and you want it, contact sales to start a trial, and find out how Microsoft Defender for Office 365 can work for your organization.

  • Microsoft Defender for Office 365 P2 customers have access to Microsoft 365 Defender integration to efficiently detect, review, and respond to incidents and alerts.

Contact sales@vlan.asia for more information on mitigating cyber threats coming your way!
