Microsoft's Advanced Threat Protection (ATP)

Microsoft's Advanced Threat Protection (ATP) service is part of an ongoing cybersecurity initiative to protect Dartmouth. ATP analyzes incoming email, and blocks malware and unsafe links.

ATP provides two services: Safe Attachments and Safe Links.

  • Safe Attachments: This feature checks email message attachments for malware and removes any attachments that test positive.
  • Safe Links: This feature proactively protects members of the Dartmouth community from malicious hyperlinks in a message.

Dartmouth will enable ATP on July 31, 2017 to protect the Dartmouth community from malicious email attacks, such as the recent WannaCry or Petya ransomware attacks which spread globally. These protections will reduce the likelihood that members of the Dartmouth community will become the victims of similar exploits in the future. 

How will Advanced Threat Protection change Dartmouth's email security?

  • ATP provides real-time dynamic protection against previously unknown (zero day) malware.
  • With Safe Attachments, malware attachments are removed but the message is still delivered. The security scan of attachments introduces a short delay in email delivery - 4 minutes on average (according to Microsoft). This time delay varies depending on file type and can result in a delivery delay of up to 30 minutes. Testing performed sending emails with various attachments from the local Dartmouth Computer Science department email server to Office 365 recipients did not result in any noticeable delays in email delivery
  • Safe Links provides real-time, time-of-click protection against phishing and malicious web sites. If a link is found to lead to a malicious web site, a warning will be displayed instead of the website. This service does not guarantee that all links which are scanned are safe, but does guard against many known unsafe sites and is continually updated with new information about malicious sites. 

How will Advanced Threat Protection be implemented?

This protection will be enabled for all Faculty, Staff and Students who use Dartmouth's Office 365 platform ( accounts). Alumni accounts are not covered by this protection.

For the segment of the Dartmouth community that forwards email to external non-Dartmouth accounts (e.g.,, Safe Attachments will be enabled but Safe Links will not. This is to facilitate the delivery of forwarded email.

There will continue to be events that may circumvent these safeguards. Cybersecurity is an arms race between "the bad guys" and software protections against emerging threats. The good news is that Office 365 is a cloud-based platform that Microsoft continues to improve and evolve, including continual updates to the detection functions within ATP. 

For more information see:

For additional questions, see IT Help Sources.


Article ID: 67012
Fri 11/9/18 2:47 PM
Tue 4/14/20 2:12 PM