The Advanced Threat Protection (ATP) service in Windows helps you prevent zero-day malware attacks by analyzing inbound email attachments for new threats and blocking them right away. ATP classifies each analyzed file into one of three categories:
- Clean – File classified as minimal risk, as no malicious indicators were found.
- Suspicious – File classified as medium risk. It poses a potential risk.
- Malicious – File classified as high risk. There is a great likelihood that the file is laced with malware.
It is therefore essential to review the ATP Report before determining whether to deliver the message.
How to view Advanced Threat Protection Reports
You can view your ATP reports in the Security & Compliance Center. Go to Reports > Dashboard. There are three kinds of ATP reports:
- Threat protection status report
- ATP Message Disposition report
- Advanced Threat Protection File Types report
Let us take a look at them.
Threat protection status report
To view this report, navigate to Security & Compliance Center, go to Threat management and choose Advanced threats.
Then, for a more detailed status for any day, hover over the graph. The report will offer an aggregated count of unique email messages with malicious content (files or links) blocked by built-in ATP protection features like ATP safe links and ATP safe attachments.
Underneath the chart, you'll see a detailed list of the detections, including subject lines and how each item was detected. Select an item to view its observed behavior, such as whether the item was inbound or outbound and how it was detected, and to perform advanced analysis if necessary.
ATP Message Disposition report
The ATP Message Disposition report displays the actions confirmed for email messages that were suspected of containing malicious URLs or files.
To view this report, go to the Reports section of the Security & Compliance Center, select Dashboard, and then choose ATP Message Disposition.
Click the report to open it and get a more detailed view.
Advanced Threat Protection File Types report
This report informs you about the malicious website links (URLs) and malicious files detected through ATP safe links and safe attachments policies (we'll cover this topic in an upcoming post).
To view this report, go to the Reports section as outlined above, then select Dashboard > ATP File Type.
Next, when you move your mouse cursor over a particular day, you can see the number of malicious URLs or files that were detected. Click the ATP File Types report to get a more detailed view.
Thus, ATP provides a way to create and define policies that ensure users can access only those links in emails, and attachments to emails, that are identified as not malicious.