Enhance Exchange Online Security with Advanced Threat Protection

Carlos Lopez

As a cloud consultant, I have conversations about Microsoft cloud security with our customers often. I understand how and why cloud security has always generated a lot of controversy and conversations among the technical teams. As the number of data breaches grows, hacking by collectives and even nation-states is a huge concern for personal privacy. Cyber security has become a C-suite conversation, and it now has to be addressed at multiple levels. As organizations continue adopting the cloud as their main IT delivery model, we will continue seeing an increased number of available security controls that will help organizations avoid and counteract a potential data breach. That is why today I want to talk about how to enhance the security for Exchange Online using Exchange Advanced Threat Protection (ATP).

One of the most commonly used services in Office 365 is Exchange Online, which includes the anti-spam filtering service, Exchange Online Protection (EOP), as an out-of-the-box functionality. Over the last several years, I have seen a substantial number of organizations adopting the technology and moving thousands of mailboxes to the cloud. While the service has proven to be rock-solid, new add-ons and services that improve the security and visibility have emerged.

Last year, during their Ignite 2017 conference, Microsoft released the new Office 365 Advanced Threat Protection (ATP) service. This new service is designed to protect your organization against unknown malware and viruses by providing zero-day protection, not only to users sitting physically at your organization’s network, but also to users outside the boundaries of your network security perimeter. Microsoft’s ATP service also includes an advanced feature supported by Artificial Intelligence (AI) to safeguard your organization from spoofing and phishing.

The four services included with the ATP subscription are as follows:

  1. Safe Links: Also known as links-rewriting, the primary purpose of this feature is to protect your users from malicious hyperlinks in a message. All links are first redirected to a Microsoft ATP service that checks the site for any potential vulnerability. With Safe Links, your users do not need to be sitting behind an on-premises Web filter anymore to safely click on mail links. The protection remains every time they click the link, regardless of their location.
  2. Safe Attachments: Leveraging the Azure platform and using sandboxes to open and analyze attachments in real time, the Safe Attachments service opens and tests every attachment in a virtual environment before it gets delivered to the final recipient. The service re-routes all messages and attachments that have a known virus/malware signature to a special environment where ATP uses a variety of machine learning and analysis techniques to detect malicious intent. If no suspicious activity is detected, the message is released for delivery to the mailbox. If the attachment is determined to be malicious, it will be removed automatically. The service is intended to protect users against unknown malware and viruses and provides zero-day protection to safeguard your organization and the messaging system.
  3. Spoof Intelligence: While there are some legitimate reasons to enable a third-party system to send email on behalf of the primary domain (spoofed email), Spoof Intelligence detects when a sender appears to be sending unauthorized mail on behalf of one or more user accounts within one of your organization’s domains. Any email sent from an unauthorized sender will be treated as spam or spoofing by Office 365.
  4. Advanced anti-phishing capabilities: The main purpose is to allow administrators to customize policies to enhance the protection for their organization from malicious, impersonation-based phishing attacks and other phishing attacks. This feature uses machine learning models to detect attacks against your organization.
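
Because Safe Links rewrites every hyperlink, an analyst triaging a reported message sees the redirect rather than the original destination. The sketch below is an added example, not code from this article or from Microsoft: it assumes rewritten links use a host under safelinks.protection.outlook.com and carry the destination in a url query parameter, and the sample message is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: rewritten links use a host under this suffix and carry the
# original destination, percent-encoded, in the "url" query parameter.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+")
MAX_DEPTH = 5  # a link can be wrapped more than once when mail is forwarded

# Constructed sample: one rewritten link and one lookalike host that merely
# contains the Safe Links name and must NOT be treated as a rewritten link.
SAMPLE_BODY = (
    "Invoice: https://nam01.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Fexample.com%2Finvoice%3Fid%3D42"
    "&data=CONSTRUCTED&sdata=CONSTRUCTED&reserved=0 and "
    "https://safelinks.protection.outlook.com.example.net/?url=https%3A%2F%2Fexample.org"
)


def is_safelinks(url: str) -> bool:
    """True only for https links whose host really ends with the suffix."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and host.endswith(SAFELINKS_SUFFIX)


def unwrap(url: str) -> str:
    """Return the original destination of a rewritten link, else the input."""
    for _ in range(MAX_DEPTH):
        if not is_safelinks(url):
            break
        target = parse_qs(urlsplit(url).query).get("url", [])
        if not target:  # wrapper without a destination: leave it as found
            break
        url = target[0]  # parse_qs has already percent-decoded the value
    return url


def original_links(body: str) -> list[str]:
    """Find every link in a message body and unwrap the rewritten ones."""
    return [unwrap(u.rstrip(".,)")) for u in URL_RE.findall(body)]


if __name__ == "__main__":
    for link in original_links(SAMPLE_BODY):
        print(link)
```

The suffix check matters: matching on a substring instead would accept the lookalike host in the sample and report its url parameter as a trusted original destination.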

A comprehensive cloud security program does not end with ATP. To properly secure your organization, we recommend implementing other technical controls such as anti-spoofing, anti-malware, anti-spam, encryption, and other services. Advanced Threat Protection is included only with the E5 and A5 licenses, and it can be added to any Office 365 subscription that includes Exchange Online. To learn more about the ATP solution, the required licenses, or how Connection’s Professional Services Team can help you design and implement your cloud security strategy, contact us today.

Carlos brings more than 13 years of Microsoft experience. He writes about cloud security, Microsoft Exchange, Office 365, and Azure services. He is a Microsoft Certified Solution Expert (MCSE) in data center and messaging, as well as a Microsoft Certified Solution Associate in Office 365. Professionally, he is particularly interested in cyber security and blockchain, and in his free time, he enjoys scuba diving, golf, and tennis.