Information Technology Professionals - IT Pros USA


Advanced Threat Protection via ITP

In this blog, we will discuss the value of Advanced Threat Protection (ATP). The first thing to know about ATP is that there are two different “flavors” of Advanced Threat Protection provided by Microsoft and other “flavors” from external vendors. The first is a more basic version, dubbed “Office 365 ATP” by our team. The second, a more cohesive (and expensive) option, is Windows 10 ATP. Finally, you can opt for external options, like the ATP support from Mimecast.

Advanced Threat Protection (ATP)

Selecting the Correct ATP Flavor

Office 365 ATP is an add-on to any Office 365 plan regardless of what underlying mailbox plan you use – E1, Business Premium, Business Essentials, whatever it might be. This Office 365 ATP adds a few key security features to Exchange Online Protection.

Any Microsoft Office 365 user that has email will automatically have Exchange Online Protection (EOP). EOP provides a fairly basic SPAM filter, and it’s going to use the SPAM filter native to Outlook to reduce clutter and attempt to keep your inbox relatively clear. In your Microsoft account, you can slightly adjust and tweak some of the EOP settings within the Office 365 Admin center.

Going Beyond a “Naked” Office 365 SKU

If you need more than this basic Exchange protection – something we call a “naked” Office 365 plan – Office 365 ATP is our go-to product to enhance your security posture. Office 365 ATP adds another layer of SPAM filtering and threat intelligence. O365 ATP is going to scan every one of the inbound emails you receive – it will scan attachments to make sure they are clear of viruses. To do so, it will use a known “bad-list” or blacklist to make sure who you’re receiving emails from is not a known, compromised spammer.

This O365 ATP SKU will automatically re-write any links that are sent to you in emails from outside entities. So, if someone on your staff clicks on that link, within the first 90 days, instead of going directly to the link, Microsoft’s cloud is actually going to scan the landing webpage you were being sent to before your user gets there. This is your protection from your staff accidentally clicking on malicious links during phishing scams. This software will prevent clicks on malware from ever occurring – the link protection from Office 365 will alert users of red flags.

This is all tied into Microsoft Azure’s threat analytics and threat network. Obviously, Microsoft handles millions upon millions of security events, and all of that information and intelligence goes into that tool’s network and make-up. For an extra few dollars per user per month, it definitely pays for itself in the event that you have a single breach, which is more than likely going to come from email.

For threats both personal and commercial, over 80% of breaches start with bad emails. Investing in protecting your staff’s email data is vital. We recommend that anyone currently using a naked Office 365 SKU make a move to advance their protection.

Third Party Advanced Threat Protection

Along similar lines, we don’t always recommend that users remain within the Microsoft network for additional Office 365 security. We work with a number of alternatives, including Mimecast.

Mimecast is a cloud email security company. That is their primary focus. They’ve always been cloud-focused – they were never an on-premise solution – they’ve been a cloud-only / cloud-native company.

One of the primary advantages of utilizing a third party is that your system can easily identify which emails are coming from internal vs. external senders. So, when an email threat comes to Mimecast, and it’s an email impersonation attempt (think instead of or something similar), Mimecast will filter that message out based on the external address.

What Mimecast Brings to the Table

Services like Mimecast have a really good anti-spoofing mechanism. They have some of the best threat analytics and machine learning, as well as a massive footprint for email data. This doesn’t just apply to O365, but also to on-premise systems, Gmail, and other services across the whole globe. And, much like Microsoft, Mimecast is able to see a broader set of security concerns and build better technology thanks to their large database of threat information.

One of the differentiators there – Mimecast, like the O365 ATP, rewrites the links of external emails. However, Mimecast does it permanently. So, even if you’re going into your archive, and you’re past that 90-day mark, Mimecast will still run that link through its protection system, in perpetuity. We absolutely think this is a marked advantage for Mimecast. In fact, it’s one of the primary reasons we have Mimecast on our line card today.

Mimecast serves as a safety net, providing Advanced Threat Protection via an external option. In the above image, you see the chain of events when an external email is received with an attachment. The attachment is stored, retooled in a safe format, and then sent to the end user. Should the end user need the original for any reason, it is saved on the backed-up Mimecast server.

Additionally, there are packages for both internal and external partners that go above and beyond the email protection. You can add other services to your SPAM protection – adding archiving, adding point-in-time back-up, or adding impersonation protection – there are really a lot of levels, and we can help direct you to the correct one for your business.

This means helping you select a package with the right set of features to optimize your business’ productivity without hitting the bottom line.

Windows 10 ATP – the Installed Inspector

Windows 10 ATP is your next-generation, machine-learning-based security agent that literally lives on your devices. The Windows 10 ATP product, unlike Office 365, will actually be installed on the device in use. You’ll secure your Windows-enabled device – be it a laptop, desktop, cell phone or tablet – and your Windows 10 ATP will report to a different portal than all your Office 365 information.

Windows 10 ATP is constantly evaluating security concerns on your device. It’s monitoring your activity and your file launching behaviors. The analytics tools within Windows 10 ATP will catch zero-day viruses and virus-like activity.

In other words, Windows 10 ATP is not a definition-based antivirus product. You’ll still want one (think Microsoft Defender or TrendMicro), but Windows 10 ATP is the next level of security. It will send up red flags and alerts on the latest in phishing scams and hacks.

Advanced Threat Protection – Where do you Stand?

With evolving and ever more sophisticated email threats, we can’t recommend additional ATP solutions enough. In this blog, we’ve highlighted three key options: Office 365 ATP, Mimecast, and Windows 10 ATP. But there are other ATP options on the market, and we recommend you find the best one for your business.

Ultimately, when it comes to protecting your users, there are always good options both natively and via external partners. We highly recommend that you pair your existing infrastructure with one of these systems. Whether you opt for an Office 365 ATP or a solution from a provider like Mimecast, an ATP solution will go a long way toward protecting your business from external threats and internal user-error.

And of course, if you’re not sure which option is right for your environment and budget, we can help.
