Office 365 ATP – Ignite Recap and Product UpdatesDecember 3, 2019
Following an incredible Ignite conference in November, I’d like to share a short summary of the product enhancements we’ve announced. Below you’ll find links to the full Ignite sessions as well as a few other helpful links, so please take a look!
Misconfiguration causes 20% of phishing emails to be delivered to users’ inboxes
Across the Office 365 service we see that tenant-specific configurations cause discrepancy between potential effectiveness of our defenses and the realized effectiveness by organizations. Your security posture requires regular tuning, as historical settings become ineffective, new attack scenarios develop, and new controls need to be enabled. At Ignite we announced new recommended settings in both a standard and strict variant, so your organization can decide which configurations are best for your users. Check out the recommended settings we just published, or try out the O365 ATP Recommended Configuration Analyzer (ORCA) in your environment. Be sure to watch our best practices breakout session at Ignite for plenty more.
Reduce the burden on security operations teams by leveraging Automated Incident Response
Today’s security operations teams are drowning in alerts and need help responding to incidents in a rapid and efficient way. Office 365 ATP Automated Incident Response can dramatically improve the effectiveness of your organization’s security teams by addressing some of the most common threats through advanced automation. In September, we announced general availability of AIR, and at Ignite we showcased this capability and demonstrated its power. Read the blog post from September, or watch the full breakout session from Ignite.
Get a clear picture of users that may have been compromised
Utilize alerts and the investigation graph to identify suspicious user activity and possible compromise. View the Compromised Users report in the Security and Compliance center or take proactive measures such as outbound spam sending limits to curb post-compromise actions. Leverage the automatic investigation of compromise user alerts to assess the “blast radius” of the compromise and reduce further impact. Read the blog post we released in November announcing the preview of this feature, and watch the theater session on account compromise from Ignite.
Evaluate the effectiveness of Office 365 ATP in your own environment
The full Office 365 ATP stack analyzes your mail traffic through a rigorous multi-step process to thoroughly assess and block malicious intent. This is why we firmly believe this is the best protection for your O365 email and collaboration and we have data to prove it. Watch the Superlative Protection, Unparalleled Intelligence breakout session from Ignite to learn more.
We also appreciate the desire to evaluate our stack for yourselves and encourage you to do so. Do not fall prey to inferior evaluation strategies (whether via a journaling rule or other methods that do not use real email traffic between real senders and recipients) that negate most of the Office ATP stack. We explain more in the session above. We understand the challenge involved with effectively evaluating the ATP suite, and so we’ve created a simple process to help address this problem. ATP evaluation mode can be set up using a quick four step wizard and is configurable to work with most routing scenarios. Watch the session above to learn more. This is currently in a private preview, but you can get access to this by contacting your account manager.
As always, please check out What’s new in Office 365 ATP for the latest updates.