Microsoft Office 365 Advanced Threat Protection - Wait for it...

When it's cold outside, it helps to dress in layers to keep warm - one layer may wick moisture away from the skin, another can insulate, and an external layer provides a barrier against wind. While not as eye-catching as flap-bottom underwear and parka, Microsoft's Exchange Online employs a similar multi-layered approach to keeping email secure. One of those layers - Advanced Threat Protection (ATP) - was recently updated and I decided to try it on.

One of the benefits of Advanced Threat Protection is sandboxing of attachments. Delivery of an email attachment is delayed while the attachment is scanned and opened in a sandbox environment. Only if the attachment is safe, the message released for delivery. Microsoft expects typical delays to be 2-7 minutes but delays could be up to 30 minutes for larger attachments.

Dynamic Delivery changes the behavior of ATP by delivering the body of the email with a placeholder that indicates the attachment is being scanned. After the attachment is deemed safe, the placeholder is replaced with the actual attachment. The benefit of Dynamic Delivery is that the recipient can see the email, read and respond to the message immediately while waiting for the scan to complete. While email is typically a communication medium that is tolerant of minor delays, waiting 30 minutes to know if an email was sent or received can be a problem. Dynamic Delivery helps users on both ends of a conversation know that a message was delivered and gives visibility to the attachment scanning process.

I tested the process with two emails containing attachments of different sizes and found Dynamic Delivery gave me immediate feedback as advertised. Using an external account, I simultaneously sent myself an email with a 500 KB attachment and an email with a 5 MB attachment. My recipient account received both emails almost instantly, and both showed placeholders indicating the attachments were being scanned. The smaller attachment appeared after 2 minutes, and the larger after 4 minutes. I was able to read and work with the emails while the scanning occurred, and, at least in my case, I'm happy for the extra layer of protection keeping malware out of my inbox.

If you're interested in learning more about Advanced Threat Protection or other security initiatives, call us at 800.698.1686 or email us - we’re happy to help. 

Written by: Brian Edwards - 2/17/2017