Umbrella IT Group - Managed Services Provider in Jacksonville Florida

Microsoft 365 ATP P2

Microsoft 365 ATP P2

About Microsoft 365 ATP (Plan 2)

You are probably reading this article because your organization uses Microsoft 365 for email, and we have implemented Advanced Threat Protection Plan 2 (or Defender for Office 365 Plan 2). It’s the same license, Microsoft keeps changing the name on us.

In short, this license is a Spam Protection/Filtering service from Microsoft, built right into the Exchange Email platform. Once the licenses are purchased for the tenant and then configured and implemented by yours truly!

New Features & What do I need to Know?

Report Message Button

If your organization doesn’t already use KnowBe4 with the Phish Alert Button, there will be a new feature added to your Outlook for spam and phishing reporting capabilities.

Report Message

This button is designed to help us at Umbrella receive and review any emails you deem suspicious. Instead of forwarding emails to the helpdesk, you can use this button to report the email and it will automatically hit our system, providing us with everything we need to analyze it.

If you suspect that you received a deceptive, malicious or spam email – you must press the Report Message button in Outlook on your device. The button is available to you on all your Outlook programs, Outlook on the Web, and even on your mobile devices.

Do not forward us any emails! When the Report Message Button is pressed and a selection is made, the referenced email gets removed from your mailbox. It then gets packaged up with the original email headers, attachments, and anything else related to the email, and forwarded over to our security team to investigate. Just click the button and forget about it, as we will investigate and take care of threats as needed.

Common Questions and Complaints

The system is designed to intelligently protect your mailbox from threats, attachments, deceptive links, spear phishing, and more. What this means is that occasionally, there will be false positives. Here’s a few common complaints and FAQ’s on the system’s functionality:

I’m not seeing email from my personal email account

This is because of the Default, Anti-Phishing Policy. Think about it like this: Someone is sending your organization emails with an identical name as you, using a generic Yahoo/Gmail/AOL email address! This is how spear phishing works, and it usually involves someone pretending to be a company insider, asking for someone to click a link or make an internal change, such as update ACH/Direct Deposit information.

These sort of emails, (external emails matching internal employee names) will be blocked by default, as a default security policy for the entire company. This is a best-practice and disabling or modifying this policy, is extremely not recommended. There may be a better way to accomplish what you’re trying to do!

Sending Pictures from my personal phone to Work

This is a common request, and the best answer is to use iCloud Photos, or Google Photos to accomplish this. When you take a picture on your phone, it gets uploaded to iCloud, or the Google Photos app. You may need to enable these options on your phone if you haven’t already and these pictures can be accessed on your computer in full, original size, by going to: Google Photos or iCloud Photos

Sending Files or Pictures from my Personal Computer or Phone – to my Work Computer or Phone

You can easily share your files with yourself by using OneDrive. The OneDrive App can be accessed from a phone application or a web browser on any device. Log on to OneDrive, download the OneDrive App for Android, or OneDrive for iOS.

Once you have the app installed or logged in, you can upload anything you like to OneDrive, and the files will magically appear either directly on your work computer (in any OneDrive Directory) or on the Web, as part of your OneDrive account.

Not Receiving Emails I am expecting

Not all spam filters are perfect, and Microsoft ATP is no exception. From time to time, ATP may flag something that should not be flagged, as a false positive. When this happens, you should check your Junk Folders and your Email Quarantine, before submitting a ticket to us. See the section in this article “Email Quarantine & Junk Folder” for more information on your Junk and Quarantine locations.

If you find that an email sender or domain is repeatedly being received in your Junk or Quarantine and you have tried to “Allow List” the sender, you can submit a ticket to us describing the issue. We may need to adjust the global policy in order to allow the sender, or address their IT department because something may be misconfigured with their email system.

Email Quarantine & Junk Folder

Junk Folder

Your User-Controlled Junk Folder is located within your folder structure in Outlook, on the left-hand side. It ultimately depends on the setup of the organization, but this folder commonly contains low-level spam and bulk emails from marketing campaigns, news, and other non-threatening junk. It’s a good idea to check this folder every now and again to make sure you haven’t missed something important, but be careful! This folder may contain more deceptive emails that were caught in junk, but should have been treated more seriously by the ATP systems.

User-Controlled Block and Allow Lists

Your junk folder allows you to control your own Allow & Block list for your own mailbox. You can even choose to fully disable the Junk Email filter (not recommended!) This allows for you to have some control over your mailbox, in case you don’t ever check your Junk folder or you are receiving too much spam in your primary mailbox.

Allow-Listing someone’s email going to Junk

Navigate to the Junk folder, and Right-Click on the email you wish to move to your inbox. This will give you a drop-down list of options, including Junk options

To move the email back to your inbox, select the Not Junk option.

Select the appropriate action for your email to Allow or Whitelist Emails

  • Never Block Sender – Add only the Sender’s Email Address to your Safe Senders List
  • Never Block Sender’s Domain – Add the entire domain ( contoso.com ) to your Safe Senders List
  • Never Block this Group or Mailing List – Add a marketing mailing list address to Safe Recipients
Blocking or Black-Listing a sender

To block something you are receiving in your inbox and send it directly to Junk, right click the email or select the Junk Options, just as you did in the previous Allow-List section. Select Block Sender.

This will make it so any email received from this sender in the future, will go directly to Junk.

Managing your Junk settings

You have full control of your junk settings on your mailbox. You can get to the full options menu by clicking on Junk Options and going to Junk E-mail Options… to open the Junk settings box.

For an in-depth breakdown of how to manage your Junk settings, check out this article!

Email Quarantine

E-mails with potentially dangerous attachments or phishing attacks will be kept in your Microsoft 365 Quarantine Location. If you are waiting on an e-mail and it has not arrived in your mailbox or junk, Quarantine is the final place to check.

Find your Quarantine Here: https://security.microsoft.com/quarantine

You will receive a summary of any items caught in quarantine for you to review on a daily basis, typically in the morning. This is what a typical quarantine email looks like:

You will have three options: Block SenderRelease and Review.

These options are self-explanatory, and you are not required to take any action on quarantined emails. Emails stuck in quarantine will self-destruct in 30 days if not actioned.

Unfortunately, you do not have the same level of control with Quarantine as you do with your Junk. This is by design, because quarantine is managed by Company Policy as well as intelligent threat recognition patterns.

If you need help with a persistent whitelist or blacklist issue or have any questions, please don’t hesitate to submit a ticket or give us a call!

Copyright © 2024. Umbrella IT Group. All rights reserved.

Privacy Policy and Terms. Powered by Loomo.