How to Set Up Office 365 Advanced Threat Protection

In this blog post, we're going to walk you through the step-by-step process for setting up Office 365 Advanced Threat Protection (ATP). Although setting up ATP is a great move, it is only one portion (though an important one) of a comprehensive email security strategy.

This blog is the fourth post of a five-post series titled Your Complete Guide to Microsoft Email Security. The 5 steps to email security are:

  1. Configure DKIM, DMARC, SPF
  2. Deploy EOP (Exchange Online Protection)
  3. Set up Office Message Encryption
  4. Enable Office 365 ATP (Advanced Threat Protection) - this blog
  5. Enable Office 365 MFA with Authenticator App

Office 365 ATP Setup

There are three parts to setting up Office 365 Advanced Threat Protection:

  1. Office 365 ATP Safe Attachments
  2. Office 365 ATP Safe Links
  3. Office 365 ATP Anti-Phishing

To enable Office 365 ATP you will need one of the following licenses:

OK, let's get started!

  1. Go to using an 'incognito' (private) session on a Chrome browser
  2. Sign In using your global admin credentials
  3. Click on Threat Management
  4. Click on Policy

Part 1 - Office 365 ATP Safe Attachments

Once the appropriate licenses are assigned to all of your users, follow these steps to implement the 'Safe Attachments' feature:

  1. Click on ATP safe attachments
  2. Enable the check box for Turn on ATP for SharePoint, OneDrive, and Microsoft Teams

  1. Click on +

  1. Give a name to your policy
  2. Select the Replace option
  3. Turn on Enable redirect and enter the alias of the IT Manager or IT team, so that we receive a ticket

Option 1 - More restrictive policy

Option 2 - Less restrictive policy

Check the box for Apply the above selection if malware scanning for attachments times out or error occurs

Apply the rule "If the recipient domain is"

Click the Save button

Note: It can take from 5 seconds to 5 minutes for the settings to apply to the tenant.
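The same Safe Attachments settings can be applied and read back from Exchange Online PowerShell, which makes the configuration repeatable and auditable. This is an added example, not part of the original post: the policy name, redirect address and domain are placeholders, and it assumes an ExchangeOnlineManagement module version that still accepts the Replace action and the ActionOnError parameter.

```powershell
# Added example: Safe Attachments policy from Part 1, scripted.
# Placeholder values (not from the original post): change before running.
$PolicyName = 'Safe Attachments - Replace'   # hypothetical policy/rule name
$RedirectTo = 'it-team@contoso.com'          # alias of the IT Manager or IT team
$Domain     = 'contoso.com'                  # "If the recipient domain is"

Connect-ExchangeOnline   # sign in with an admin account

# "Turn on ATP for SharePoint, OneDrive, and Microsoft Teams"
Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true

# Policy settings: Replace action, redirect enabled, and apply the same
# action when scanning times out or errors.
$settings = @{
    Enable          = $true
    Action          = 'Replace'
    Redirect        = $true
    RedirectAddress = $RedirectTo
    ActionOnError   = $true
}

# Create the policy on first run, update it on later runs.
if (Get-SafeAttachmentPolicy | Where-Object Name -eq $PolicyName) {
    Set-SafeAttachmentPolicy -Identity $PolicyName @settings
} else {
    New-SafeAttachmentPolicy -Name $PolicyName @settings
}

# The rule scopes the policy to recipients in the chosen domain.
if (-not (Get-SafeAttachmentRule | Where-Object Name -eq $PolicyName)) {
    New-SafeAttachmentRule -Name $PolicyName `
        -SafeAttachmentPolicy $PolicyName `
        -RecipientDomainIs $Domain
}

# Read the configuration back to confirm what the tenant actually stored.
Get-AtpPolicyForO365 | Format-List EnableATPForSPOTeamsODB
Get-SafeAttachmentPolicy -Identity $PolicyName |
    Format-List Name, Enable, Action, Redirect, RedirectAddress, ActionOnError
Get-SafeAttachmentRule -Identity $PolicyName |
    Format-List Name, State, SafeAttachmentPolicy, RecipientDomainIs
```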


Part 2 - Office 365 ATP Safe Links

Click on ATP Safe Links, then double-click on Default

A popup window will open

  1. Check the box for Office 365 Apps, Office for iOS and Android
  2. Check the box for Do not track when users click safe links
  3. Check the box for Do not let users click through safe links to original URL
  4. Click Save

ATP Safe Links has been set up!


Part 3 - ATP Anti-phishing


  1. Click on Anti-phishing
  2. Click on Default policy

The following window will show up:

  3. Within the Impersonation section, click Edit
  4. Switch the button from Off to On
  5. Click Add user
  6. Add the email address of the user and click Save (note: you cannot add more than one user at a time)
  7. Repeat steps 5 and 6 until you have added all users
  8. Click on Add domains to protect
  9. Turn on Automatically include the domains I own and Include custom domains
  10. Click on Actions
  11. Under if email is sent by an impersonated user, select Move message to the recipients' Junk Email folders
  12. Under if email is sent by an impersonated domain, select Move message to the recipients' Junk Email folders
  13. Click on the link Turn on impersonation safety tips
  14. Turn on all 3 switches (Show tip for impersonated users, Show tip for impersonated domains, and Show tip for unusual characters)
  15. Click Save
  16. Click on Mailbox Intelligence
  17. Turn on Enable mailbox intelligence
  18. Turn on Enable mailbox intelligence based impersonation protection
  19. Under if email is sent by an impersonated user, select Move message to the recipients' Junk Email folder
  20. Select Add trusted senders and domains. You should have nothing to do there
  21. Click on Review your settings
  22. Once you have reviewed the settings and everything looks good to you, click Save
  23. Click Close

Congratulations! The settings for Anti-Phishing are now all set up!
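Because the portal only accepts one protected user at a time, the anti-phishing settings above are easier to apply and verify in bulk from Exchange Online PowerShell. This is an added example, not part of the original post: the user and domain values are constructed placeholders, and it assumes the ExchangeOnlineManagement module and a tenant licensed for these impersonation settings.

```powershell
# Added example: Part 3 anti-phishing settings, scripted with a read-back check.
# Constructed placeholder values (not from the original post).
$ProtectedUsers = @(                       # format: "Display Name;email address"
    'Jane Doe;jane.doe@contoso.com',
    'John Roe;john.roe@contoso.com'
)
$CustomDomains = @('contoso-partner.com')  # "Include custom domains"

Connect-ExchangeOnline

# Locate the tenant's default anti-phishing policy instead of hard-coding its name.
$policy = Get-AntiPhishPolicy | Where-Object IsDefault -eq $true

$settings = @{
    EnableTargetedUserProtection        = $true        # impersonation switch On
    EnableOrganizationDomainsProtection = $true        # domains I own
    EnableTargetedDomainsProtection     = $true        # custom domains
    TargetedUserProtectionAction        = 'MoveToJmf'  # Junk Email folder
    TargetedDomainProtectionAction      = 'MoveToJmf'
    EnableSimilarUsersSafetyTips        = $true        # tip: impersonated users
    EnableSimilarDomainsSafetyTips      = $true        # tip: impersonated domains
    EnableUnusualCharactersSafetyTips   = $true        # tip: unusual characters
    EnableMailboxIntelligence           = $true
    EnableMailboxIntelligenceProtection = $true
    MailboxIntelligenceProtectionAction = 'MoveToJmf'
}

Set-AntiPhishPolicy -Identity $policy.Name @settings `
    -TargetedUsersToProtect $ProtectedUsers `
    -TargetedDomainsToProtect $CustomDomains

# Read the policy back and report any setting that did not take effect.
$actual = Get-AntiPhishPolicy -Identity $policy.Name
$drift = foreach ($key in $settings.Keys) {
    if ("$($actual.$key)" -ne "$($settings[$key])") {
        [pscustomobject]@{
            Setting  = $key
            Expected = $settings[$key]
            Actual   = $actual.$key
        }
    }
}

if ($drift) { $drift | Format-Table -AutoSize }
else        { "All $($settings.Count) settings match on '$($policy.Name)'." }
$actual.TargetedUsersToProtect   # confirm every protected user was stored
```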
