Office 365 ATP (Advanced Threats Protection) is an advanced protection solution provided by Office 365, already available for Exchange Online and for few months on Office Click To Run (see to learn more about ATP https://support.office.com/en-us/article/Office-365-Advanced-Threat-Protection-e100fe7c-f2a1-4b7d-9e08-622330b83653?ui=en-US&rs=en-US&ad=US)
The solution is used to deeply analyzed URL’s and attachments before letting end-users accessing it.
Now, Office 365 ATP is also available (through Office 365 E5 [enterprise and education] or additional Office 365 subscriptions for other plans) for SharePoint Online and Teams.
This works exactly the same way than it does for Exchange and Office Click to Run.
To enable ATP for SharePoint and Teams, go to the Security and Compliance administration center (https://protection.office.com/)
Then go to Threat Management\Policy
Then check the box Turn on ATP for SharePoint, OneDrive and Microsoft Teams to enable ATP for these workloads
Then it make take up to 30 minutes to be completed.
Once ATP detects a malicious file a notification will be displayed on the SharePoint web page and blocks access to the infected file (screenshot courtesy of Microsoft)
As administrator you can also create an alert to get notified when an infected file is detected on SharePoint, OneDrive or Teams.
While still in the Security and Compliance portal, reach out to the Alerts\Alert policies section
And create a new alert policy with the following settings:
- Name: name the alert policy as you want
- Severity: set the severity as you wish (between low, medium and high)
- Category: Threat management
- Activity is: Detected malware in file
- Leave other settings as default
- and finally define the recipient(s) for this alert