1
Demo Advanced Threat Protection
INSTRUCTIONS: Set Screen Resolution to 1920x1080. Start the Slide Show. If you are projecting to a second monitor, use Presenter View on your PC to read the talk track and see where to click next. (Note that this is a PowerPoint, so the “clicks” are intended to make the presentation as close to a Live Code demo as possible.)
2
Microsoft has made great investments for Office 365 in the area of compliance. Exchange Online Protection has been in place for a while in Office 365. In the Exchange admin center, administrators can create filtering policies for different types of content. CLICK STEP(S) Click Exchange in the left nav.
3
CLICK STEP(S) Click protection in the left nav.
4
With spam filtering, administrators can use risk levels to enhance their organizations’ bulk protection capabilities. The higher the threshold is set, the more bulk email that can get through to users. CLICK STEP(S) Click the pen icon to edit the rule.
5
CLICK STEP(S) Click spam and bulk actions in the left nav.
6
CLICK STEP(S) Click the drop down under Bulk in the left nav.
7
The higher the threshold is set, the more bulk email that can get through to users.
CLICK STEP(S) Click Cancel.
8
IP addresses can also be blocked.
CLICK STEP(S) Click connection filter.
9
Of course, administrators cannot possibly identify every potentially harmful IP address.
CLICK STEP(S) Click the pen icon to edit the rule.
10
CLICK STEP(S) Click connection filtering.
11
Microsoft provides them with a safe list, a growing list of IP addresses that are known to be benign. CLICK STEP(S) Click Cancel.
12
Administrators can also implement policies that detect malware in individual messages, whether intentional or not. CLICK STEP(S) Click malware filter.
13
CLICK STEP(S) Click the pen icon to edit the rule.
14
CLICK STEP(S) Click settings.
15
As a response to detection, the messages can be deleted, or they can be delivered with attachments removed from them. CLICK STEP(S) Click the right scroll bar to scroll down to show the admin field.
16
Notifications about malware detection can be sent to both internal and external senders as well as administrators. CLICK STEP(S) Click Cancel.
17
Advanced Threat Protection (ATP) expands on existing content filtering capabilities, hardening organizational environments. CLICK STEP(S) Click advanced threats in the left nav.
18
Malware filtering policies in the protection area of the Exchange admin center work great for threats that are known by anti-virus programs and that have corresponding signature files. ATP goes even further by using Safe Attachments to detect threats that are unknown by anti-virus programs. CLICK STEP(S) Click the pen icon to edit the policy.
19
With Safe Attachments, messages containing attachments are routed through a detonation chamber, where they are analyzed for potentially malicious behavior. CLICK STEP(S) Click settings in the left nav.
20
If, for example, an attachment is trying to access a user’s registry, a Safe Attachment policy can block that attachment, replace it, or simply monitor the scan results. Additionally, administrators can redirect blocked, replaced, or monitored attachments to a specific address. CLICK STEP(S) Click Cancel.
21
ATP also uses Safe Links to scan messages and detect potentially malicious URLs, like those from phishing scams. CLICK STEP(S) Click safe links.
22
CLICK STEP(S) Click the pen icon to edit the policy.
23
Safe Link policies check URLs against a list of known malicious links.
CLICK STEP(S) Click settings.
24
A link can then be rewritten so that, when clicked, users are redirected to a protective shell and notified that the original URL has been classified as malicious. Administrators can track user clicks to these links and allow users to click through to the original URLs. Administrators can also identify a list of URLs that should not be rewritten, should they happen to inadvertently end up on the list of known malicious links. CLICK STEP(S) Click Cancel.
25
The information worker experience for ATP is all about protection.
CLICK STEP(S) Click the Edge browser to show Sara’s OWA experience.
26
Here, Alex has sent Sara a message with an attachment.
CLICK STEP(S) Click the third message, from Alex Darrow.
27
The organization’s Safe Attachment policy detected that there were unverified signatures in the attachment and thus blocked it. CLICK STEP(S) Click the attachment (Keys.js).
28
CLICK STEP(S) Click OK.
29
In the message, Sara still has access to the original message body, but the malware threat was removed. Meanwhile, the attachment was redirected to the administrator for further analysis. CLICK STEP(S) Click the first message, from Alex Darrow as well.
30
In this message about cheap flights, she clicks a known phishing link.
CLICK STEP(S) Click “site”, the hyperlink in the message.
31
The organization’s Safe Link policy found that link to be malicious and rewrote it. Sara is thus redirected to a protective shell, which alerts her about the classification of that URL. CLICK STEP(S) Click the “Mail – Sara Davis – Outlook” tab in Edge.
32
The policy is selective enough to remove only malicious links. Even within a single message with both safe and malicious links, only the malicious links will be removed. CLICK STEP(S) Click the “Bing” hyperlink.
33
Within that same message about cheap flights, Sara clicks the link in the signature line and navigates to Bing.com as expected. Back in the Exchange admin center… CLICK STEP(S) Click the Edge browser in the bottom to switch to the admin center.
34
…administrators can review a report that tracks individual user clicks of malicious URLs in messages. CLICK STEP(S) Click mail flow in the left nav.
35
CLICK STEP(S) Click url trace.
36
The report contains URL traces from the previous seven days. These traces can be filtered by date and time, by recipients, or by a list of exact URLs. CLICK STEP(S) Click in the right scroll bar to scroll down.
37
Here, the administrator filters with Sara as the recipient to see her recent trace activities, which include the URLs that were rewritten. CLICK STEP(S) Click add recipient.
38
CLICK STEP(S) Click Sara Davis.
39
CLICK STEP(S) Click add.
40
CLICK STEP(S) Click OK.
41
CLICK STEP(S) Click the right scroll bar to scroll down.
42
CLICK STEP(S) Click search.
43
<Results do not show up>
As shown in this demo, Microsoft has made great investments in the Exchange admin center to expand threat protection in Office 365.