How to view the Advanced Threat Protection Reports

Advanced Threat Protection (ATP) service in Windows helps you prevent zero-day malware attacks by analyzing inbound email attachments for any new threats and blocking them right away. Every ATP classifies a threat into:

  1. Clean – File classified has a minimal risk as no malicious indicators are found.
  2. Suspicious – File classified as medium risk. It poses a potential risk
  3. Malicious – File classified as high-risk. There’s a great likelihood of file being laced with malware.

It is therefore essential to review the ATP Report before determining whether to deliver the message.

Viewing Advanced Threat Protection Reports

You can view your ATP reports in the Security & Compliance Center. Go to Reports > Dashboard. There are three kinds of ATP reports:

  1. Threat protection status report
  2. ATP Message Disposition report
  3. Advanced Threat Protection File Types report

Let us take a look at them.

Threat protection status report

To view this report, navigate to Security & Compliance Center, go to Threat management and choose Advanced threats.

Then, for a more detailed status for any day, hover over the graph. The report will offer an aggregated count of unique email messages with malicious content (files or links) blocked by built-in ATP protection features like ATP safe links and ATP safe attachments.

Advanced Threat Protection Reports

Underneath the chart, you’ll see a detailed list of the detections, including subject lines and how each item was detected. Simply select an item to view its observed behavior like, whether the item was inbound or outbound, how it was detected and perform advanced analysis, if necessary.

ATP Message Disposition report

The ATP Message Disposition report basically displays the actions confirmed for email messages that were suspected to have malicious URLs or files.

For viewing this report, go to Reports section visible under the ‘Security & Compliance Center’> Dashboard and then, ATP Message Disposition.

Simply click the report to open it and get a more detailed view of the report.

Advanced Threat Protection File Types report

It informs a user about malicious website links (URLs) and malicious files detected through ATP safe links and safe attachments policies (we’ll cover this topic in our upcoming post)

To view this report, Reports section as outlined above, select ‘Dashboard’> ATP File Type.

Next, when you move your mouse cursor over a particular day, you can notice the number of malicious URLs or files were detected. Click the ATP File Types report to get a more detailed view of the report.

Thus, ATP provides a way for users to create and define policies that can ensure users access only to links in emails or attachments to emails that are identified as not malicious.

For details, you may visit office.com.

Posted by on , in Category Office with Tags

The author Hemant Saxena is a post-graduate in bio-technology and has an immense interest in following Windows, Office and other technology developments. Quiet by nature, he is an avid Lacrosse player. Creating a System Restore Point first before installing a new software, and being careful about any third-party offers while installing freeware is recommended.