Office 365 ATP is meant to help organizations stay secure by detecting and addressing new and unknown threats. Initially launched in 2015, Office 365 launched to protect "against unknown malware and viruses, real-time, time-of-click protection against malicious URLs, and rich reporting and URL trace capabilities," Microsoft says (via OnMSFT). Now that same protection is being extended to SharePoint, OneDrive, and Microsoft Teams.
Advanced Threat Protection in SharePoint, OneDrive, and Teams will now surface quality indicators, helping to identify malicious content. A part of this process includes correlating file activity signals from each service with Microsoft Security Intelligence Graph threat feeds.
Examples of file activity signals include anonymous, company wide or explicit sharing, or activity from guest users. Threat feeds that Office 365 Advanced Threat Protection leverages include known malware in email or SharePoint, Windows Defender/Defender ATP detections, suspicious or risky logins or other indicators of irregular file activity within your tenant.
Office 365 ATP is included for Office 365 Enterprise E5, Education A5, and several Exchange and Office 365 subscription plans. IT administrators can learn more about configuring ATP at Microsoft.
