Protecting Against Advanced Threats with Office 365

Over the many years of working on Office 365 projects of varying sizes, we have seen a steady rise in attacks against clients that are running in the Microsoft cloud. Those attacks have gotten better and more sophisticated over the years. It came to the point that shortly after the release of Advanced Threat Protection (ATP) (June 2015), we started looking at this add-on service to complement the Exchange Online Protection service. After some initial slow growth, roughly two years ago that exploded to the point where approximately 99% of clients are now seeing the value of the ATP service and including it in their deployment. At $2/user/month, it is a really (really) cheap security layer!

From its inception, the ATP service has always included the Safe Attachments (scanning attachments for “extras” – the not-so-good kind!) and Safe Links (scanning links for “interesting things”) services. Outside of Microsoft constantly improving the effectiveness of the services (i.e., increasing the number of anti-virus engines used to scan messages, reducing attachment scanning latency, increasing the malware catch rates year over year), this year I think Microsoft outdid themselves. In March of this year, Microsoft added a third service (at no price increase) to the ATP service to provide protection against phishing and spoofing. The new enhancement offers:

  • Impersonation protections to guard against spear-phishing
  • Spoofing protections (things like common domain variations)
  • Internal message analysis for phishing (from the assumed breach posture)
  • Detection of phishing lures

On first release, this new addition caused quite a commotion for all ATP consumers since it was, more or less, silently released. The commotion was the result of some default settings that inspected inbound email and how that email was being authenticated by the sender (SPF/DKIM/DMARC). Those settings caused a sudden large rate of legitimate messages going into Junk/Quarantine when they “shouldn’t” be. I can happily report that the issue causing that has been fixed by Microsoft. I have rolled out the new Anti-Phishing/Anti-Spoofing protections to numerous clients starting in June and have had zero issues with the Junk/Quarantine issue. The anti-phishing/anti-spoofing protections are now included as part of Sikich’s default deployment to give our clients the best possible protection of their Office 365 service.
