Evolving Office 365 Advanced Threat Protection with URL Detonation and Dynamic Delivery
We built Office 365 Advanced Threat Protection to provide nearly unparalleled email security with little impact on productivity. Advanced Threat Protection defends your organization from today’s growing and evolving advanced threats with powerful safeguards like Safe Links, which provides time-of-click protection to help prevent users from opening or accessing malicious links, and Safe Attachments, which protects users from opening malicious email attachments. Today, we’re pleased to announce availability of two new capabilities—URL Detonation and Dynamic Delivery—which improve the security Advanced Threat Protection provides while keeping people productive.
General availability of URL Detonation
URL Detonation helps prevent your users from being compromised by files linked to malicious URLs.
Email with malicious link to PDF file.
When a user receives an email, Advanced Threat Protection analyzes the URLs for malicious behavior. This new capability is in addition to the URL reputation checks that Advanced Threat Protection already does. If the user clicks a link during the scan, the message “This link is being scanned” is displayed. If the link is identified as malicious after the scan, a pop-window opens notifying the user that the file is malicious and warns the user against opening it.
Link scan in progress notification (left). Malicious link notification (right).
IT admins can configure a SafeLink policy that turns on the URL trace to track user clicks, which is especially useful for instances when users can bypass the warning and click through to blocked pages. This enables them to appropriately focus on remediation efforts for impacted users while not disrupting the work of unaffected users.
URL trace of user activity.
Public preview of Dynamic Delivery
Since introducing Safe Attachments, we have greatly reduced the time it takes to scan emails containing attachments. While any malware solution requires some small amount time to scan suspicious attachments, Advanced Threat Protection enables you to remain productive during this scan time. Now, with Dynamic Delivery, recipients can read and respond to the email while the attachment is being scanned. Dynamic Delivery delivers emails to the recipient’s inbox along with a “placeholder” attachment notifying the user that the real attachment is being scanned—all with minimal lag time.
Users can read the email body while the attachment is scanned in a Safe Attachments sandbox.
If a user clicks the placeholder attachment, they see a message showing the progress of the scan. If the attachment is harmless, it seamlessly re-attaches to the email so the user can access it. If it is malicious, Office 365 Advanced Threat Protection will filter out the attachment.
The scan progress page displayed when a user clicks an attachment undergoing a scan.
How to enable URL Detonation and Dynamic Delivery
URL Detonation can be enabled through the policy controls in the Safe Links admin window under settings. To enable URL Detonation, select the On radio button and then select the Use Safe Attachments to scan downloadable content checkbox.
Admin control window for Safe Links policy. Both Linked Content Detection and Dynamic Email Delivery (through Safe Attachments) are enabled.
Dynamic Delivery can be activated through the policy controls from the Safe Attachments admin control window under Settings. Simply select the Dynamic Delivery radio button.
Admin control window for Safe Attachments policy with Dynamic Delivery activated.
We’re continuously trying to improve your experience on Office 365, so be sure to let us know what you think of these Advanced Threat Protection feature enhancements!