Microsoft updates its protection against malware and zero day attacks in Exchange Online
Microsoft employs multiple methods in Exchange Online to protect end users from spam, viruses, and malware. First, Exchange Online Protection does a good job quarantining/cleaning known viruses and malware from email, and is a native service included with Exchange Online. But if users are sent new/undetected malware that looks legit enough to open, how can the organization stay protected? Advanced Threat Protection (ATP) protects the user and organization at the time of the click, not just at the time of delivery. ATP is part of the E5 licensing sku and is also available a la carte for $2/user/month.
Read more about how Advanced Threat Protection works.
Late last month, Advanced Threat Protection received a couple improvements, mainly to alert users of the status of the scans that it’s doing in the background. First, when an email arrives with a potentially dangerous URL, the browser will interrupt the user rather than just opening the site. Microsoft proactively will scan for malicious links, but it may take a few minutes. If the click-happy user tries to open the link before the scan is complete, the browser pops with a warning asking them to wait until the scan is complete.
In the past, when a user was sent an email with a potentially malicious attachment, Microsoft would hold the entire email until it was scanned. Now, it will deliver a copy of the message, but holds the attachment until it is safely scanned, at which point it’s put back into the message.