Turn on ATP for SharePoint, OneDrive & Teams

In the previous post, we saw how it looks like and what happens when a malicious files are detected in a SharePoint Library and OneDrive.

In this post, we will walk through turning ATP on for SharePoint, OneDrive and Teams.

1- Go to Security Admin Center, under Thread Management, click on Policy,

2- Start by clicking Create to create a new policy.

3- Follow the steps for the policy, in the settings, choose to block all,

4- Once the policy created, select it and select Global settings;

5- By default, the policy will have ATP turned on for SharePoint, OneDrive and Teams.

ATP – Malicious file detected in a library – SharePoint, OneDrive & Teams

People regularly share files and collaborate using SharePoint, OneDrive, and Microsoft Teams. With Office 365 Advanced Threat Protection (ATP), your organization can collaborate in a safer manner. ATP helps detect and block files that are identified as malicious in team sites and document libraries.

How Office 365 ATP operates

When a file in SharePoint Online, OneDrive for Business, and Microsoft Teams has been identified as malicious, ATP directly integrates with the file stores to lock that file. The following image shows an example of a malicious file detected in a library.

Although the blocked file is still listed in the document library and web, mobile, or desktop applications, the blocked file cannot be opened, copied, moved, or shared. People can, however, delete a blocked file. Here’s an example of what that looks like on a user’s mobile device:

Depending on how Microsoft 365 is configured, people might or might not have the ability to download a blocked file. Here’s what downloading a blocked file looks like on a user’s mobile device: