Office 365 Advanced Threat Protection: Upside and Pitfalls

Office 365 Advanced Threat Protection (ATP) is a much-ballyhooed solution built to protect organizations from malicious attacks via multiple functionalities, including:

• Scanning email attachments for malware
• Scanning URLs in email messages and Office documents
• Identifying and blocking malicious files in SharePoint, OneDrive and Microsoft Teams
• Checking email messages for unauthorized spoofing
• Detecting when someone attempts to impersonate your users and your organization’s custom domains through built-in anti-phishing capabilities

The product has strengths in its ability to set granular policies for its anti-phishing, safe links and safe attachments functions, as well as reporting to Microsoft which has a broad swath of deployments and visibility to a variety of threats (despite the prevalence of 3^rd party filtering and security solutions for Office 365, which makes this somewhat less of a value-add).

Microsoft defines its ATP solution as a significant step up from its Exchange Online Protection service for email filtering, however we and many others can tell you that Exchange Online Protection as a spam filter is full of problems of its own. There are additional perceived limitations for many customers and service providers as to the availability Office 365 Advanced Threat Protection across Exchange Online, Business, Enterprise and A plans. Click tracking and the bundled nature of Microsoft’s packages make these options generally attractive for the average SME, but the overall limitations of the service are starkly apparent when considering the variety of issues present within ATP and with the services that often are (or aren’t) bundled along with it.

Limited protection from Intra-O365 Phishing

On top of EOP’s inherent limitations and underdeveloped technology, Office 365 suffers from certain infrastructural oddities that seem to effectively whitelist phishing messages sent between Office 365 tenants. Office 365 phishing is a significant risk because even as an organization may be protected from the outside, there are over 120 million commercial customers and 1 billion users on Office 365, significantly expanding the apparently “protected” pool from which malicious emails can be sent. This can lead to frequent and perpetual account compromises, a snowball effect which not only puts data and transactions at risk, but also adds up to thousands of dollars in wasted IT time and other costs per year.

No contingency for Email Outages

This is not necessarily a flaw of ATP in itself, as Office 365 Advanced Threat Protection is not meant to include this as a feature, but when considering the possibility of an Office 365 email outage as both very real and quite frequent, 3^rd party security providers have anticipated such needs and deploy solutions that permit you to spool email and gain access to an emergency inbox so that productivity is maintained despite situations where email may be unavailable. Vircom’s modusCloud Email Continuity service is one such solution.

No usability concerns for Archiving

Again, not a flaw of ATP, but important to consider as bundling your solution with Microsoft is usually motivated by a desire to save money, you may get more overall value from a third-party solution. Native Office 365 Email Archiving presents some benefits, but generally lacks speed and legal defensibility that’s required by compliance-driven organizations, ultimately limiting its ability to achieve the primary purpose for which most buy email archiving – namely: regulatory compliance.

Overall hidden costs that add up vs 3^rd Party Services

Large-scale software implementations can often bear hidden costs, but those particular to Office 365 can be truly difficult to swallow. Not only are there inherent limitations to Office 365 Advanced Threat Protection, but your time spent addressing them can only add to Office 365’s hidden costs.

Vircom offers Office 365 email security that gives your organization both more usability and more protection from malicious attacks and regulatory risks. modusCloud’s cloud email security can provide for all needs that O365’s might not, while additionally providing email continuity, email encryption and email archiving that adds true value to organization’s seeking to maximize their safety and productivity.

Office 365 offers a powerful suite of services for Managed Services Providers as well as end-customer organizations, and protecting O365 email while managing billing and mailbox counts is now easier than ever through Vircom’s new email security integration for ConnectWise Manage. Learn more by becoming a partner today!