Did you know that your Microsoft 365 (or O365) subscription likely gives you the option to add a robust security solution? In Wasted Security Resources, You’re Not Getting the Most Out of Your Security Resources, Corey addressed the fact that at TRUE, our security teams often come across organizations that rush to buy new security solutions before evaluating and maximizing what they already have. The fact is, many organizations that use Microsoft’s O365 platform for email and collaboration do not utilize the built-in Advanced Threat Protection (ATP). Yes, unless your company has purchased the 365 Business Premium or E5 and higher license, ATP will need to be purchased as an add-on, and the reason many opt out of ATP is the associated cost per user to enable this feature. However, in many cases, adding this to your licensing will save you from having to spend more money to lock down endpoints with other technologies, not to mention the time to vet, configure, integrate, and roll those technologies out. Considering that it is native to a platform you are probably already using, and that the cost of a security incident can be far higher than the cost to expand your subscription, Microsoft ATP is definitely worth a second look when it’s time to evaluate next steps in your security posture.
Office 365 ATP Plans
There are two plans to choose from, Office 365 ATP Plan 1 and Plan 2. Plan 1 includes Safe Attachments and Safe Links, anti-phishing protection, real-time detections, and coverage on SharePoint, OneDrive and Teams. Plan 2 includes all of Plan 1 along with attack simulators, threat trackers/explorers, and automation for response to these threats. For many companies, Plan 1 will suffice and provide a quality and safe experience when implemented correctly.
Although there are default policies in place for ATP, it is up to your global administrator to review, augment, and implement these policies to fit the needs of your unique organization. As an example, a company that primarily does business locally within its tri-county area would benefit from having geolocation blocks implemented for countries outside of the United States. Out of the box these blocks are not configured, and ATP relies solely on the default settings until an admin adjusts the policies in the Protection Portal. Another example would be a world traveler who could be in Ireland one week and France the following week. By setting up alerts to notify the company when the user logs in from a location outside of the known area, the admins can verify whether the traveler’s account has been compromised during their travels.
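The decision logic behind both scenarios above can be sketched in a few lines. This is an added example, not code from the original article or from Microsoft, and it is not an ATP configuration: the user names, itinerary, record layout, and sign-in records are all constructed for illustration.

```python
from datetime import date

# Assumption: the organization does business only in the US by default.
DEFAULT_ALLOWED = {"US"}

# Constructed travel itinerary: (country, first day, last day) per user.
TRAVEL = {
    "traveler@example.com": [
        ("IE", date(2021, 3, 1), date(2021, 3, 7)),
        ("FR", date(2021, 3, 8), date(2021, 3, 14)),
    ],
}

# Constructed sign-in records: (user, ISO country code or None, day).
SIGN_INS = [
    ("clerk@example.com", "US", date(2021, 3, 2)),
    ("clerk@example.com", "RO", date(2021, 3, 2)),      # outside default area
    ("traveler@example.com", "IE", date(2021, 3, 3)),   # matches itinerary
    ("traveler@example.com", "FR", date(2021, 3, 9)),   # matches itinerary
    ("traveler@example.com", "IE", date(2021, 3, 10)),  # Ireland during the France week
    ("traveler@example.com", None, date(2021, 3, 11)),  # location could not be resolved
]


def is_expected(user, country, day):
    """True when the sign-in country is allowed for this user on this day."""
    if country in DEFAULT_ALLOWED:
        return True
    return any(
        country == c and start <= day <= end
        for c, start, end in TRAVEL.get(user, [])
    )


def find_alerts(sign_ins):
    """Return (user, country, day, reason) for every sign-in needing review."""
    alerts = []
    for user, country, day in sign_ins:
        if country is None:
            # An unresolved location is reviewed rather than silently allowed.
            alerts.append((user, "unknown", day, "location unresolved"))
        elif not is_expected(user, country, day):
            alerts.append((user, country, day, "outside known area"))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SIGN_INS):
        print(alert)
```

Tying the exception to dates as well as countries means a sign-in from Ireland during the France week is still raised for review.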
Safe Links and Safe Attachments
The safety net of Safe Links and Safe Attachments allows your admins to block specific file types or even links embedded within an email or attachment. Would-be criminals employ a wide range of tactics to engage with end users and compromise their accounts or the company’s infrastructure. One way to do this is to provide a faux link to sign back in through a page meant to look identical to the real sign-in page. Another method of compromise is to send an email attachment that, when downloaded, launches a script that downloads from another site to gain control or steal information. With Safe Links protection, these links will be scanned and the email quarantined if the link fails to pass the policies set in place. The Safe Attachments policies will allow admins to block file types your company does not normally deal with. The policies are easily customizable and can be modified and created to fit your company’s needs in order to keep your company safe from the outside.
With Plan 2, the ability to track threats and create simulations helps the company mitigate threats before they occur by testing that the policies created work. Nothing pains a company more than thinking the settings and roadblocks they put in place work, then watching as something they wanted blocked comes straight through the front door. If the budget allows it, upgrade to Plan 2 or a license that encapsulates Plan 2 to be ready and proactive with your O365 environment.
Microsoft 365 Built-in Solution
If your users are already working in Microsoft 365 and you objectively consider the wide security benefits of Microsoft ATP, it really makes sense to avail yourself of this built-in solution. In 2021’s expanded threat landscape, the cost-benefit analysis is likely to return the verdict that the time, money, and brand compromise costs of a cybersecurity incident are far higher than the cost of adding ATP to your existing subscription, and that ATP is likely more efficient and cost-effective than third-party solutions that promise the same functionality.
If you would like help navigating Microsoft’s licensing structures, or if you would like to talk to someone who can help you with implementation and documentation of Microsoft ATP, you can request a consultation with a TRUE professional.