 Hello, admins! Are your users still consistently fooled by phishing emails even after cybersecurity awareness training? Take human error out of the equation and prevent your accounts from being compromised with Office 365's Advanced Threat Protection. There are three components of Advanced Threat Protection, also known as ATP. There's anti-phishing, safe attachments, and safe links. To configure your ATP policies, sign into your admin portal, click the ellipses, and click the admin icon to pull up the list of admin centers. Select Security and Compliance from the list. If you want to skip a few clicks, you can also sign into the Security and Compliance Center directly at protection.office.com. On the left-hand menu, click Threat Management to expand the menu and select Policy. Now we can edit our organization's default policy and create new policies. Let's start with anti-phishing. If you edit the default policy, it means that the changes you make will affect the entire organization. If you wish to test your changes or create policies that affect only a subset of your users, then you should choose Create a New Policy. There are two methods to protect your organization, either by adding individual users to a policy or by domain. If you choose to protect by user, you can list up to 60 per policy. If an impersonation match occurs, it will trigger an action you can define later. If you choose to protect by domain, any instance of an impersonation attempt for that domain will trigger an action. Actions are the same for both users to protect and domains to protect. However, since a specifically impersonated user may be more of a security concern for your organization, you may wish to redirect the message to an admin email address to analyze further or quarantine the message. And again, if your domain is impersonated, you have the same options. Also on this page, you can enable mail tips for your users. Since I am choosing to still deliver the message to the recipient, albeit through the junk email folder, I am going to let the user know why the message ended up in the junk email folder by turning on impersonation safety tips. That way, the end user will know why the message ended up in the junk email folder and to be suspicious of the message. Moving on to mailbox intelligence, turn this feature on to utilize Microsoft's artificial intelligence to analyze your user's communication patterns and identify potential phishing attempts. So if a user who almost never receives an email from the CEO of your company one day does, the message will automatically be analyzed for phishing determination. Of course, it is always possible when first configuring your anti phishing policies that legitimate mail is marked as phishing due to false positives. You can always add senders and domains to a safe list so that they bypass the anti phishing filter and are delivered normally. Finally, review your settings and click save to enable your policies. If you create new policies, they will show up here. Next in our advanced threat protection tour is safe attachments. Use safe attachments to automatically scan attachments to determine if they are malicious or not, all before the user even receives it. By the way, safe attachments doesn't just scan attachments in email, but also in SharePoint, OneDrive, and Teams. Just like with anti phishing, you can create multiple policies. In this policy, I'm going to replace any malicious attachment. You can also choose to redirect the blocked attachment to another mailbox for analysis. Finally, we apply the message to a group of users. This is what your users will experience should you choose to also replace your attachments. Last, but certainly not least, we arrive at Safe Links. Safe Links rewrites a message's original URL to a sandbox site where, when opened, it is tested against Microsoft's database of malicious sites. If it passes Microsoft's inspection, the user is allowed to visit the site. If not, you can choose to block access to the site or allow the user to go on ahead. The default affects the entire organization, but if you wanted to create a policy for a subset of users, click on the plus icon to create a new policy. Give it a name and select the on option. Choose any additional settings for this policy. Scroll down to choose who the policy should be applied to and click save. By the way, if you want to include your own custom links, you can do that too by opening up the default policy, clicking the pencil icon, and adding your custom links. Remember, the default affects the entire organization. By default, Safe Links only applies to email in the Outlook program, but it can be configured to apply to other Office ProPlus programs like Word, Excel, etc. It can be configured to work on mobile devices and Office Online. You can also select if you want to audit when a user clicks on a safe link or if they proceed to a website anyway. By using Office 365's Advanced Threat Protection, you allow both policy and artificial intelligence to govern your user's cybersecurity behavior instead of relying on just the user. It is a great set of tools to secure an organization of any size. I'm Steve with the Protected Trust Train Department, and we'll see you next time.