NEW! Advanced Threat Protection
- Dan Hill (Unlicensed)
- Helen Ho
Welcome to a safer experience with Advanced Threat Protection (ATP)
U of T's advanced threat protection initiative uses Microsoft 365 Defender, a cloud-based service, to help protect the University against unknown malware and viruses. These new security features provide an added layer of protection to identified users' Microsoft 365 accounts and safeguard them against malicious threats posed by attachments and links (URLs) in email messages and links in documents.
Instructions
Here's how you equip yourself with ATP!
SAFE LINKS (EMAIL)
Safe Links use Microsoft threat detection software to check all URLs found in incoming emails. Safe Links will check the URLs of all email links automatically. You can also copy and paste the Safe Link as you would with a normal link. If the link is determined to be safe, it will work as expected.
You can convert Safe Links URLs back to regular URLs by using this tool: https://o365atp.com/ . Paste the Safe Links URL into the first box, and the converted URL will appear in the second box.
SAFE LINKS (DOCUMENTS)
Safe Links in documents use Microsoft threat detection software to check every URL in supported Microsoft 365 apps, such as Word, PowerPoint, or Excel. Safe Links performs a scan on every URL you click, and will open them as normal if they are safe to view.
If the link contains malicious content, a warning may be displayed:
You can convert Safe Links URLs back to regular URLs by using this tool: https://o365atp.com/ . Paste the Safe Links URL into the first box, and the converted URL will appear in the second box.
SAFE ATTACHMENTS
Safe Attachments use Microsoft threat detection software to protect users from attachments that may contain malicious code or actions. It works in the following way:
Email attachments are opened in a virtual ‘Sandbox’ environment in Microsoft 365-- not on your computer.
Email attachments are automatically checked for malicious content. However, please note that encrypted mail or password-protected attachments cannot be scanned, so please be sure that you are expecting mail containing these documents before opening them.
If the attachment is safe, the email continues to your inbox
If the attachment is unsafe, the email will be received but not the attachment. The attachment will be replaced with a text file called “Malware Alert Text.txt”, which contains the following message: “Malware was detected by Safe Attachments in one or more attachments included with this email message. Action: All attachments have been removed.”
SAFE DOCUMENTS
Safe Documents automatically verifies Office documents such as a Word, Excel, or PowerPoint file against the latest known risks and threats. When you open a file, it will launch in Protected View mode (meaning it cannot be edited) until the scan is complete.
Once the scan is complete, you will see an updated message. If the file is safe, you can enable editing.
If the file is malicious, you will receive a notification and will not be able to edit it.
FAQs
If I get a malicious email, document, or attachment, who should I report it to?
If you receive a malicious email, document, or attachment, please report it to Information Security by forwarding the email to report.phishing@utoronto.ca.
What should I do if Microsoft marks a legitimate URL or attachment as malicious?
If you are blocked from accessing a URL, attachment, or document you believe to be safe, please submit a ticket to the Enterprise Service Center at http://uoft.me/m365help . They will mark the URL, attachment or document so it is no longer identified as malicious.
Does Microsoft read my files, documents, or emails?
No-- Microsoft only uses machine learning to scan for malicious content, but no one will ever view them. The links and attachments within your emails/documents are only viewed by Safe Links when you open them.
Do I need to use Advanced Threat Protection?
These security features are used by researchers, faculty and staff to prevent cyber-attacks. They help to protect your documents and information from malware and viruses, and should not cause disruption to your regular workflow unless a threat is detected.