This session gives an overview of Exchange Online Protection (EOP), along with troubleshooting and preventive measures for spam and phishing attack scenarios. Learn how Advanced Threat Protection (ATP) prevents these attacks.
Timestamps:
00:00:00 Introduction
00:00:48 Agenda
00:02:27 Types of Attack
00:11:07 EOP
00:12:46 Inbound Filtering
00:17:29 Outbound Filtering
00:20:31 Precautions\Preventive Measures
00:21:23 ATP
00:47:02 SPF\DKIM\DMARC
01:01:16 ZAP
01:02:38 Submissions
01:08:59 Attack Simulator in Office 365
01:17:32 Troubleshooting
References:
Extended Message Trace
https://social.technet.microsoft.com/wiki/contents/articles/29967.steps-to-perform-an-extended-message-trace-in-office-365.aspx
ATP reporting
Office 365 ATP includes an advanced reporting dashboard for monitoring your ATP performance, with the following reporting features:
• Threat Explorer (or real-time detections) https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/threat-explorer?view=o365-worldwide
• Threat Protection Status report https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-reports-for-atp?view=o365-worldwide#threat-protection-status-report
• ATP File Types report https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-reports-for-atp?view=o365-worldwide#atp-file-types-report
• ATP Message Disposition report https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-reports-for-atp?view=o365-worldwide#atp-message-disposition-report
Threat investigation and response capabilities
• Threat trackers https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/threat-trackers?view=o365-worldwide
• Threat Explorer (or real-time detections) https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/threat-explorer?view=o365-worldwide
• Attack Simulator https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide
Automated investigation and response (AIR)
Office 365 ATP Plan 2 will now include automated investigation and response (AIR) capabilities. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/automated-investigation-response-office?view=o365-worldwide
DKIM in Office 365
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email
Authenticated Received Chain (ARC)
https://docs.microsoft.com/en-US/office365/troubleshoot/antispam/sender-rewriting-scheme
Zero-hour auto purge (ZAP)
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide