Qualysec
Blog

Office 365 Advanced Threat Protection: A Complete Overview in 2026

Office 365 Advanced Threat Protection (ATP) safeguards your organization from malware, viruses, phishing, and zero-day attacks with cloud-based security.

Published on July 9, 2026
Read Time: 17 min
Chandan SahooBy Chandan Sahoo
CONNECT WITH US

At A Glance

  • Now called Microsoft Defender for Office 365, Office 365 Advanced Threat Protection is a cloud-based email and collaboration security solution that sits on top of Exchange Online Protection to block threats that regular email filtering can’t detect.
  • In the United States alone, $2.77 billion in losses were reported due to BEC in 2024.
  • Microsoft itself stated that its users experienced more than 10,000 adversary-in-the-middle (AiTM) attacks per month in 2024.
  • Built-in tools and automated compliance scans cannot detect configuration gaps, paths to privilege escalation, or detection blind spots. Independent penetration testing of the Office 365 environment identifies these security weaknesses.

Introduction

Microsoft 365 is the worldwide most deployed enterprise productivity platform. That also makes it the world’s most targeted. More than 400 million commercial users in over 180 countries run their email, documents, collaboration, and identity management through the same platform. Hackers know what that estate looks like from the inside, and that’s where Office 365 Advanced Threat Protection comes into play.

Phishing and spoofing complaints topped the list of cybercrime complaints at 193,407 in the FBI IC3 2024 Annual Report. In 2024 alone, reported losses in the US totaled $2.77 billion with 21,442 complaints due to BEC. Since BEC was first included in IC3 reporting in 2015, total losses have exceeded $17.1 billion. These are not breaches that required exotic zero-days. The majority involved compromised credentials, misconfigured email authentication, and social engineering that standard Exchange Online Protection did not stop.

This guide covers what Office 365 ATP actually does at a technical level, how Plan 1 and Plan 2 differ in protection scope, what the most common misconfigurations look like, the Microsoft 365 security best practices that separate protected organizations from vulnerable ones, and what independent validation of the ATP configuration looks like from a penetration testing perspective.

What Is Office 365 Advanced Threat Protection (ATP)?

Office 365 Advanced Threat Protection is a service for Office 365 security, email, and collaboration that provides additional features beyond the basic email security in Exchange Online Protection (EOP). EOP offers the fundamentals of spam filtering, basic malware detection, and domain authentication enforcement – it is the core that comes with every Microsoft 365 subscription. ATP is not part of EOP. It provides capabilities such as automated investigation and response, impersonation protection, real-time URL detonation, sandboxed attachment analysis, and zero-day threat detection.

Office 365 ATP Plan 1 vs Plan 2 – Overview

The most consequential configuration decision most organizations make is which ATP plan they are running – and whether they have activated the capabilities that plan includes. Many organizations purchase Plan 2 licences and operate with Plan 1-level protection because advanced features are left unconfigured upon deployment.

Plan 1: Protection Against Advanced Threats

Available in Microsoft 365 Business Premium and certain enterprise bundles. Plan 1 covers the core real-time protection layer:

Feature What It Does
Safe Attachments Detonates email attachments in a sandbox environment before delivery. Unknown file types are opened in an isolated virtual environment; suspicious behaviour is identified, and the attachment is blocked or quarantined
Safe Links Rewrites URLs in emails at delivery time and re-evaluates them at the moment of click. A link that was clean at delivery but subsequently weaponized is blocked when the user clicks it
Anti-Phishing Policies Machine learning-based impersonation detection covering user and domain impersonation. Evaluates sender behaviour, domain similarity, and email patterns rather than signature matching alone
Anti-Spoofing (Spoof Intelligence) Identifies senders spoofing the organization’s domain or external domains. Administrators can review and block senders falsely claiming to be internal users
Real-Time Threat Detection Security operations dashboard providing live visibility into detected threats across the tenant

Plan 2: Complete SOC and Threat Hunting Ability

Available for Microsoft 365 E5, A5, and GCC G5. Plan 2 introduces features that are essential for enterprise threat management: investigation, automation, and proactive detection:

Feature What It Does
Threat Explorer Real-time investigation of email threats across the tenant – searchable, filterable threat data going back 30 days
Automated Investigation and Response (AIR) Automatic response playbook execution (quarantine, block, notify) for high-confidence alerts without waiting for analyst intervention, and automatic AI-driven triage and investigation of alerts.
Attack Simulation Training Sends realistic phishing simulations to actual users and automatically assigns targeted training based on who clicked. Provides a measurable reduction in click-through rate over time
Threat Trackers Proactive monitoring of emerging threat campaigns relevant to the organization’s industry and geography
Campaign Views Groups individual attack emails into coordinated campaign clusters, giving security teams the full picture of an attack rather than an isolated alert-by-alert investigation
Advanced Hunting KQL-based query interface across all Microsoft Defender XDR telemetry – email, endpoint, identity, and cloud apps – for custom threat detection and investigation

How Office 365 Phishing Protection Works

Phishing is the primary threat that Office 365 ATP is designed to counter. The Office 365 phishing protection mechanism matters because the most dangerous phishing attacks in 2026 are specifically engineered to evade the controls that most organizations have in place.

Anti-Phishing at the Machine Learning Layer –

ATP’s anti-phishing engine evaluates every inbound message across multiple signals simultaneously: sender reputation, domain age, header analysis, message content, embedded link destinations, and the behavioural pattern of the sending account. This multi-signal approach distinguishes itself from DMARC-based filtering, which only verifies whether the sending server is authorized to send on behalf of the domain.  In 2024, 84.2% of phishing attacks successfully passed DMARC-based filtering.

Impersonation detection is the specific capability that addresses Business Email Compromise. BEC attacks do not use malware or weaponized attachments – they use compromised or convincingly spoofed email accounts to request wire transfers, credential submissions, or sensitive data from employees. The ATP anti-phishing team trains the ML models to identify the semantic patterns, urgency signals, and sender anomalies that characterize BEC even when the email passes all authentication checks.

Safe Links – Time-of-Click Protection – 

URL-based phishing increasingly uses legitimate hosting platforms – SharePoint, OneDrive, Google Sites, Dropbox – to host the suspicious content.

Safe Links addresses this by deferring URL evaluation to the moment of click. When a user clicks a rewritten Safe Links URL, the system makes a real-time request to the destination, detonates it in a sandbox, checks the current reputation and content, and either allows or blocks the navigation – all in the time it takes the browser to redirect. Zero-day phishing pages that were clean at delivery are blocked at click time.

Safe Attachments – Sandbox Detonation – 

Traditional antivirus scans attachments against known malware signatures. A zero-day payload – one that has never been seen before – has no signature to match and passes through. Safe Attachments opens every attachment in an isolated virtual environment, executes it, and observes its behaviour. Security systems identify an attachment that begins enumerating the filesystem, making network connections, or attempting to spawn child processes as suspicious through what it does, not what it matches.

The detonation process adds latency to email delivery – Safe Attachments policies configure the system to deliver the email with a placeholder while the system analyzes the attachment, or to hold the entire message until the analysis completes. For most organizations, the dynamic delivery option (placeholder attachment while detonation runs) is the correct configuration balance between security and user experience.

Office 365 Spam Protection: Filtering is Just the Beginning!

Microsoft 365’s spam protection works at several layers, and it is crucial to understand the layered model because of the need for more configuration than the defaults.

Exchange Online Protection (EOP): The following filters are the basic filtering that is provided to all Microsoft 365 tenants by Exchange Online Protection (EOP): bulk mail thresholds, spam confidence levels, known-bad sender reputation, and standard DMARC/DKIM/SPF enforcement. EOP is effective against commodity spam and known suspicious senders. It is not effective against targeted BEC, novel phishing campaigns, or compromised legitimate accounts.

ATP Anti-Spam builds on EOP with higher-fidelity analysis, additional sender reputation signals, and the ML-based behavioural analysis that identifies sophisticated campaigns that EOP’s signature and reputation approach misses.

Office 365 Spam Protection Configuration That Most Organizations Get Wrong:

  • Bulk mail threshold set too permissively – The default BCL (Bulk Complaint Level) threshold in many tenants allows bulk mail that security-conscious organizations should be filtering more aggressively.
  • Safe sender lists that override ATP scanning – ATP policies that whitelist entire domains allow attackers to compromise any account in that domain and deliver to the organization without inspection.
  • No outbound spam policy – Compromised internal accounts sending phishing from within the tenant bypass inbound filtering entirely; outbound spam policies detect and contain this.
  • Quarantine policies with insufficient review cadence – Legitimate emails that spam filters do not review promptly create pressure to over-whitelist senders, degrading filtering efficacy over time.

Microsoft 365 Security Best Practices: The Configuration Checklist

Microsoft 365 Security Best Practices The Configuration Checklist

1. Authentication and Identity

Enable MFA on every account – 

Microsoft’s own Digital Defence Report 2025 found that more than 97% of identity attacks are password attacks in the first half of 2025. MFA eliminates the majority of password-based credential attacks. FIDO2 phishing-resistant authentication and Conditional Access session controls address the residual risk of AiTM attacks that capture session tokens after successful MFA.

Implement MFA for privileged accounts that is resistant to phishing attacks – 

FIDO2 security keys (YubiKey, Microsoft Authenticator with passkey) and Windows Hello for Business are immune to proxy attacks by a middleman. These are the only MFA methods for accounts with admin access to the Microsoft 365 tenant that cover the AiTM threat category.

Configure Conditional Access to enforce device compliance – 

Authentication alone is insufficient. Every sign-in should be evaluated against device health, location, sign-in risk, and session behaviour. Conditional Access policies that deny authentication from non-compliant devices prevent compromised credentials from granting access from an attacker’s infrastructure.

Disable legacy authentication protocols – 

Basic authentication, POP3, IMAP, and SMTP AUTH do not support MFA – an attacker with a valid password can authenticate via these protocols regardless of the MFA policy on the account. Blocking legacy authentication is the single configuration change with the highest security return for most Microsoft 365 tenants.

2. Email Authentication

Strictly implement DMARC policy (p=reject) for all domains that send e-mail –

If a DMARC policy is set to p=quarantine or p=reject, attackers are thwarted from successfully sending email that looks like it comes from the organization’s domain. For many organizations, a DMARC record in DNS is configured to p=none, which checks but does not block, allowing email to be sent from their domain using spoofed email addresses.

Set up DKIM signing for all outgoing e-mail messages –

DKIM encrypts outgoing messages so that receiving mail systems can confirm the message was not altered during transport. As part of Microsoft 365 security, it requires organizations to activate DKIM support for custom domains to strengthen email authentication and protect against spoofing.

Review and minimize SPF records –

In the Office 365 best practices checklist, the SPF records that include too many authorized senders increase the attack surface for domain abuse. SPF records that include legacy mail systems still in DNS but no longer used allow those systems to send authenticated email on the organization’s behalf.

3. ATP Policy Configuration

Set Safe Attachments to Dynamic Delivery for all users –

The default Safe Attachments configuration in many tenants is not the most protective option. Dynamic Delivery ensures that it delivers email immediately with a placeholder while it detonates the attachment – removing the incentive to disable Safe Attachments due to delivery delays.

Configure anti-phishing impersonation protection for all key personnel – 

ATP must configure its impersonation protection with the specific users and domains most likely to be impersonated – the CEO, CFO, legal counsel, and key vendors. Default impersonation protection does not automatically know who these individuals are.

Enable Safe Links for Teams, SharePoint, and OneDrive –

By default, Safe Links applies to email. Suspicious URLs shared through Microsoft Teams chats, SharePoint documents, and OneDrive-shared files require explicit policy extension to receive the same protection.

Set outbound spam filtering with automatic account disablement – 

When an internal account is compromised and begins sending spam outbound, the outbound spam policy automatically contains the incident by suspending the account after it reaches the threshold. This prevents the compromised account from sending spam indefinitely.

What ATP Does Not Cover

Understanding what ATP does not protect against is as important as understanding what it does. Over-reliance on ATP as a complete security solution leads to misconfiguration and detection blind spots that cause the breaches ATP-equipped organizations still experience.

Post-authentication lateral movement –

ATP secures email delivery and collaboration content. Once an attacker has authenticated to the Microsoft 365 tenant – through a credential they stole, a session token they captured via AiTM, or a device they compromised – they are operating inside the trust boundary. ATP does not detect lateral movement within the tenant, access to SharePoint content by a legitimately authenticated but compromised user, or OAuth application abuse, where a legitimate user grants permissions to an attacker’s app.

Insider threats –

A suspicious insider with legitimate Microsoft 365 credentials and normal access patterns is indistinguishable from a normal user from ATP’s perspective. A Microsoft 365 security assessment helps identify configuration weaknesses and security gaps that ATP does not address. Insider threat detection requires Microsoft Defender for Cloud Apps (CASB) with behavioural analytics, or third-party UEBA tooling.

Configuration drift and privilege escalation –

ATP does not audit or enforce the security configuration of the Microsoft 365 tenant itself. An administrator who grants excessive permissions, disables a protective policy for troubleshooting and forgets to re-enable it, or adds an overly permissive conditional access exclusion creates a vulnerability that ATP detection cannot compensate for.

Indirect privilege escalation and token abuse –

Advanced persistent threat (APT) actors targeting Microsoft 365 use techniques such as OAuth consent phishing, device code authentication abuse, and token theft through malicious browser extensions. ATP designs these methods to maintain persistent access while avoiding detection. These techniques appear as legitimate authentication events in the audit log.

Microsoft 365 Protection – How Qualysec Validates Your ATP Configuration

Qualysec runs independent penetration testing and security assessments for Microsoft 365 protection, addressing the gaps between ATP’s designed protection capability and the actual security posture of real-world tenant configurations.

Configuration Assessment –

Qualysec reviews the full Microsoft 365 tenant security configuration against a defined baseline covering authentication policies, ATP policy settings, Conditional Access rules, DMARC/DKIM/SPF enforcement, administrative account controls, and legacy protocol exposure. The security team documents every deviation from the security baseline with its risk impact and specific remediation steps.

Office 365 Phishing Simulation and Protection Testing –

Qualysec’s team sends real phishing emails to the client’s Microsoft 365 tenant, using the same techniques that active attackers use to bypass ATP detection. This validates whether the configured ATP policies catch real-world threats or only the commodity phishing that EOP baseline filtering already handles. Emails that reach users’ inboxes despite ATP protection document confirmed detection gaps with specific policy remediation.

Attack Path Testing Within the Tenant –

Starting from a compromised standard user account—the most realistic post-phishing scenario—Qualysec tests what an attacker can access within the Microsoft 365 tenant. This includes SharePoint data, Teams conversations, and OneDrive files. It also tests access to the mailbox content of other users and administrative interfaces. The test checks whether least-privilege enforcement, conditional Access, and Defender for Cloud Apps controls actually constrain access or whether a single compromised account provides unrestricted lateral access.

OAuth and Consent Phishing Testing –

Qualysec validates whether the tenant’s OAuth application consent policies prevent suspicious app consent attacks. It is a technique that grants a third-party application persistent access to the user’s Microsoft 365 data without requiring the user’s password, and that ATP does not prevent by default.

Compliance-Mapped Reporting –

For organizations with PCI-DSS, HIPAA, ISO 27001, or GDPR requirements, all findings are mapped to the relevant control framework. Microsoft 365 email security intersects with PCI-DSS Requirement 12.6 (security awareness), ISO 27001 Annex A 8.23 (web filtering), HIPAA §164.308(a)(5) (security awareness and training), and GDPR Article 32 (appropriate technical measures). The security assessment report functions as compliance audit evidence without requiring post-engagement translation.

Free Retest Included –

After remediation of identified findings, Qualysec retests the original scope to confirm that the fixes are in place and effective. Someone documents the retest result in writing and appends it to the original assessment report.

Want to know whether your Office 365 ATP configuration actually catches what it claims to catch? Qualysec’s team tests it – request an assessment today.

Speak Directly With Qualysec’s Certified Security Experts

Discover vulnerabilities before attackers exploit them

Schedule Free Consultation

Security Expert

Conclusion

Office 365 Advanced Threat Protection is not a set-and-forget security layer. The quality of its configuration, the discipline of the policies enforcing it, and the frequency of policy validation against the current threat landscape directly determine its effectiveness.

The organizations that experience Microsoft 365 breaches in 2026 are overwhelmingly not organizations that lack ATP. They are organizations where they deploy ATP but where they still enable legacy authentication, where Safe Links does not extend to Teams and SharePoint, where they did not configure impersonation protection for key personnel. They also never tested whether the ATP configuration actually catches the phishing attacks it was deployed to stop.

Independent penetration testing of the Microsoft 365 environment validates by testing what the configuration actually stops, not just what it is designed to stop.

Frequently Asked Questions

1. Does Office 365 Advanced Threat Protection protect against all phishing attacks?

No. Office 365 Advanced Threat Protection significantly raises the bar for phishing attacks, but does not eliminate the risk. AiTM attacks the proxy of the authentication session in real time, capturing the session token after the user completes MFA, giving the attacker authenticated access without the user’s password. FIDO2 phishing-resistant MFA is the specific control that addresses AiTM; ATP Safe Links does not protect against this attack class.

2. What is the difference between Office 365 ATP Plan 1 and Plan 2?

Plan 1 provides real-time email protection: Safe Attachments, Safe Links, anti-phishing and anti-spoofing policies, and a basic threat detection dashboard. Plan 2 adds the security operations capabilities, including Threat Explorer for real-time tenant-wide investigation and Automated Investigation and Response (AIR), which executes response playbooks without analyst intervention. It also includes Attack Simulation Training for employee phishing simulation and training.

3. What Microsoft 365 security best practices reduce email attack risk the most?

The highest-impact single configuration changes are disabling legacy authentication protocols (eliminating MFA bypass via SMTP AUTH, POP3, and IMAP) today. They also include enforcing a strict DMARC policy of p=reject on all sending domains (preventing domain spoofing) effectively everywhere. It also includes deploying phishing-resistant FIDO2 MFA for all privileged accounts (addressing AiTM attacks) across organizations today effectively. They also configure Conditional Access to block sign-ins from non-compliant devices across all managed environments effectively today. These four changes address the primary attack categories that cause most Microsoft 365 breaches, and they can implement them without additional product licensing.

4. Why does penetration testing of Office 365 remain necessary with ATP in place?

ATP is a detection-only service. It operates on email delivery and collaboration content. It does not test whether its own configuration is correct, whether conditional access policies have unintended exclusions, or whether OAuth consent policies prevent suspicious app installation. Also whether a compromised user account can access data it should not. Penetration testing runs the actual attack paths by sending real phishing emails against the ATP configuration and attempting credential-based access from external locations. It also tests lateral movement within the tenant from a compromised account and validates OAuth consent controls.

5. How often should we review Microsoft 365 security configurations?

Microsoft updates ATP detection capabilities, introduces new configuration options, and changes default settings on a continuous basis. The threat landscape against Microsoft 365 also changes continuously. A full configuration review should occur annually and after any significant change to the Microsoft 365 environment, tenant structure, or licensing tier. ATP policy configuration should be reviewed after every major Microsoft 365 security announcement.

Chandan Sahoo

About Chandan Sahoo

Chandan Kumar Sahoo is the Co-Founder and Chief Executive Officer (CEO) at Qualysec. With over 8 years of experience in security testing and software quality assurance, he leads corporate strategy and expansion, helping organizations globally secure their web, mobile, and cloud environments.

Leave a Comment.

Your email address will not be published. Required fields are marked *

Related Blogs

Subscribe to Newsletter

Get the latest cybersecurity insights, compliance tips, and vulnerability reports delivered directly to your inbox.