Office 365 - Advanced Threat Protection (ATP) Features
To protect the campus community against phishing attempts and malware, UITS is utilizing Microsoft's Advanced Threat Protection (ATP) features in Office 365.
Office 365 Advanced Threat Protection (ATP) safeguards the UWM Office 365 environment against malicious threats posed by email messages, links (URLs) and collaboration tools.
Office 365 protects you from spam, phishing, and malware. Today, some of these attacks are so well crafted that they look legitimate. Sending messages to the Junk Email folder isn't always enough. Now, when you check your email in Outlook or Outlook on the web, Office 365 automatically checks the sender and adds a safety tip to the top of the email.
The safety tip, a color-coded message, will warn you about potentially harmful messages. Most messages in your inbox won't have a safety tip. You'll only see them when Office 365 has information you need to help prevent spam, phishing, and malware attacks. If safety tips do show up on in your inbox, you can use the following examples to learn more about each type of safety tip.
- Suspicious mail (red safety tip)
A red safety tip in an email means that the message you received contains something suspicious, such as a phishing scam. We recommend that you delete this kind of email message from your inbox without opening it.
- Spam (yellow safety tip)
A yellow safety tip in an email means that the message has been marked as spam. If you don't recognize and trust the sender of the message, don't download any attachments or pictures and don't click any links in the message. In Outlook on the web, you can click It's not spam in the yellow bar of a junk mail item to move the message to your inbox. If the yellow safety tip appears on a message that was delivered to your inbox, it's probably there because you've disabled moving spam to your Junk Email folder.
- Safe mail (green safety tip)
In addition to unsafe messages, we'll also tell you about valid messages from senders we trust with a green safety tip. A green safety tip in an email means that we checked the sender of the message and verified that it's safe. Microsoft maintains this list of trusted senders which includes financial organizations and others that are frequently spoofed or impersonated.
- Unfiltered mail (gray safety tip)
We'll also tell you when we skipped checking a mail because it's from a sender you trust on your Safe Senders list or if a mail flow rule exists to bypass filtering.
The gray safety tip also shows up when external images are blocked, that is, the message is in your inbox and doesn't appear to be spam, but contains external images that you haven't opted to download.
Office 365's ATP Safe Links links feature checks links (URLs) in email messages, Office documents, and Office 365 applications. If a URL is identified as suspicious or malicious, instead of going directly to the site, you might see a warning page instead.
Here are some of the warning pages you may encounter:
- ATP is scanning the link
A URL is being scanned by ATP Safe Links. You might have to wait a few moments to try the link again.
- A URL is in a suspicious email message
The URL is in an email message that seems similar to other email messages that are considered suspicious. We recommend that you double-check the email message before proceeding to the site.
- A URL is in a message identified as a phishing attempt
The URL is in an email message that has been identified as a phishing attack. As a result, all URLs in the email message are blocked. We recommend that you do not proceed to the site.
- A site has been identified as malicious
The URL points to a site that has been identified as malicious. We recommend that you do not proceed to the site.
- A site is blocked
The URL is blocked for your organization. There are several reasons why a URL might be blocked. We recommend that you contact your organization's Office 365 administrator.
- An error has occurred
Some kind of error has occurred, and the URL cannot be opened.
The ATP Safe Attachments feature checks to see if email attachments are malicious, and then takes action to protect you. When an email message contains one or more attachments, the message will be delivered and ATP will begin scanning the attachments. You can read the message body immediately, but the attachments won't be completely available until the safety scan is complete. You may, however, preview attachments deemed safe before scanning is complete.
If you open a message immediately after it appears in your Inbox, you might see the attachments listed as being scanned, as shown here in Outlook on the web: (opening the ATP Scan In Progress attachment shows a message that explains the attachment sent to you is still being scanned):
And the Outlook desktop app:
Safe Attachment scans typically complete in under 2 minutes, but they could take longer for large attachments. To see if the scan is complete, close and re-open the message. Safe attachments protection is also extended to files in SharePoint Online, OneDrive for Business, and Microsoft Teams.
If you have additional questions or concerns about Advanced Threat Protection (ATP) features in Office 365, please contact the UWM Help Desk at (414) 229-4040, toll free at (877) 381-3459, visit Bolton Hall 225, or submit a help request online at https://uwm.edu/helpdesk.