Phishing emails are a problem. Phishing is an online fraud technique that lures unsuspecting users to share personal information like email credentials and even banking information with the bad guys of the internet. With this kind of info being shared, the bad guys can apply for credit, empty bank accounts, or even try to lure other users in your address book into sharing their information. Training your users to spot phishing e-mails is still one of the best ways of preventing this form of online fraud.

As a Microsoft Office 365 administrator, you might be wondering: Why are these kinds of e-mails still managing to get delivered to my users?

Doesn’t Exchange Online Protection Block Phishing E-mails?

All Office 365 Subscriptions with Exchange Online come with Exchange Online Protection (EOP). The way EOP works, in a nutshell, is that email goes through various levels of filtering – connection filtering, policy filtering, and content filtering – before being delivered to a mailbox.  EOP is great for blocking malware and spam from being delivered to your user mailboxes. The problem with some of these phishing e-mails is that they are so simple. No attachments, no code embedded into the body… just text and HTML with a link to a URL. These kinds of e-mails tend to slip past most spam filters including EOP.

Office 365 Advanced Threat Protection

This is where Office 365 Advanced Threat Protection (ATP) comes in. ATP adds another layer of security on top of EOP that can prevent phishing e-mails from being delivered to user mailboxes… and more! ATP gives you 3 unique protection features: ATP anti-phishing, ATP safe attachments, and ATP Safe links.  All three features are policy based so Office 365 Administrators can configure each policy to align with their organization’s security best practices.

Office 365 Advanced Threat Protection

Office 365 Advanced Threat Protection (ATP) anti-phishing checks incoming emails using multiple machine learning models to determine if the message has indicators of it being a phishing message. If it’s determined to be a phishing email, the policy can be configured to automatically send it quarantine as an example.

ATP Safe Attachments can prevent malicious attachments from impacting your Office 365 Email, Microsoft Teams, OneDrive, or SharePoint sites. Content goes through a real time behavioral malware analysis that uses machine learning techniques to evaluate the content. If unsafe attachments are found the policy can be configured so they are removed automatically.

ATP Safe Links scans web addresses in email messages and within Office documents. Office 365 administrators can configure a policy so if a malicious link is found it will prevent users from visiting the site and even display a message informing the user that the link is malicious.

Office 365 Advanced Threat Protection in the Real World

I manage multiple Office 365 subscriptions for my customers. Some of them have been targeted by phishing campaigns where users may receive multiple phishing e-mails a day, with some even impersonating domains they work with regularly. What’s scary is some of the phishing e-mails even appear to look like they’re from Office 365.  Take a look at one sample below:

If you have an Office 365 E5 plan, you automatically have Office 365 Advanced Threat Protection included in your subscription. However, you need to configure ATP anti-phishing, ATP Safe Attachments, and ATP Safe Links policies for the features to be enabled; otherwise, your users won’t benefit from the added protection of ATP. For my customers who do not have an E5 plan, they were able to add ATP onto their existing Office 365 plans for $2.40 CAD per user.

For my customers who were targeted by phishing campaigns, they noticed a night and day difference after I configured and deployed ATP anti-phishing policies. What I like about the ATP policies is the fact I can create global policies that cover the entire organization or create more granular policies that apply to only specific users or groups. This allowed me to create a global ATP anti-phishing policy, targeted user policy and targeted group policy to reduce the number of phishing e-mails being sent to user mailboxes. Now users can focus more on their tasks and less on deleting and notifying IT about phishing e-mails.

Need Help with Your Office 365?

If you need help with your Office 365 environment but not sure where to start, Imaginet is here to help. Our Imaginet certified Office 365 experts can help you get started with any of your Office 365 initiatives. To find out more, schedule your free consultation call with Imaginet today.


Request Your Free Consultation


Imaginet is your trusted technology partner who turns your business innovation ideas into reality. 20+ years | 1200+ satisfied customers | 2500+ successful engagements. Primary services include Web Application Development, Mobile App Development, and SharePoint consulting services, with additional specialties in Power BI & Business Intelligence, Office 365, Azure, Visual Studio, TFS, & VSTS, Skype for Business, and more. Located in the United States (Dallas, TX) and Canada (Winnipeg, MB) with services offered worldwide. Contact us today at or 1-800-989-6022.

Roy Polvorosa

About Roy Polvorosa

Roy Polvorosa is an Imaginet Infrastructure Specialist that focuses on deploying and supporting Microsoft technologies. During his time at Imaginet, Roy has focused his infrastructure skills towards SharePoint, Office 365, and Azure cloud offerings. Roy has rich experience deploying and supporting clients that have multiple sites and a variety of support needs. Roy further extends his knowledge by supporting Imaginet internal developers and their variety of database and application servers needed to support 20+ simultaneous development projects.

Let‘s Talk.
  • Let's Talk

  • This field is for validation purposes and should be left unchanged.