Exchange Online Advanced Threat Protection Audit
M365 Advanced Threat Protection safeguards your organization from modern cybersecurity threats such as ransomware, phishing, malware, hacking , and so on. Tracking the ATP configuration changes helps the company improve zero-day protection and prevent targeted attacks. AdminDroid's ATP reports allow admins to stay on top of auditing the changes to Office 365 protection policies.
Configuration changes related to safe attachments.
-
A list of safe attachment policy configuration changes is available in this report.
-
This report helps to ensure no accidental security vulnerabilities occur due to email attachment configuration changes.
-
In this report, admins can view details about the respective user, respective safe attachment policy, activity time, and so on.
Configuration changes related to safe link.
-
Admins can use this report to track the changes made to Office 365 safe link policies. Also, admins can obtain the details of the username, activity time, respective safe link policy, and more.
-
Monitoring safe link configuration changes helps to avoid URLs getting rewritten, excluded, and bypassed.
Configuration changes related to anti-spam.
-
Anti-spam configuration changes are listed in this report. Auditing anti-spam configurations are required to protect against junk emails and packet spoofing attacks.
-
Using this report, admins can track the changes made on both inbound and outbound anti-spam policies. Also, admins can find details of the username, respective anti-spam policy, activity time, and more.
Configuration changes related to anti-malware.
-
This report provides the configuration changes made to anti-malware protection policies.
-
Admins should inspect the unnecessary changes in O365 anti-malware policies as they lead to malware attacks occurring in the organization.
-
Using this report, they can track the username, respective anti-malware policy, activity time, and more.
Configuration changes related to phishing filter.
-
Admins can track the configuration changes happening in phishing filter policies through this report.
-
Auditing phishing filter configurations is necessary to protect users form phishing attacks during online browsing.
-
Also, admins can check the details like activity time, user, respective phishing filter policy, and more using this report.
Configuration changes related to anti-phish policy/rule.
-
In this report, admins will find a list of M365 anti-phishing policies and rule changes. It helps admins to follow phishing configuration changes to prevent credentials and passwords from being compromised.
-
Using this report, they can find the details like configured time, UPN, respective anti-phish policy, and more.
Configuration changes related to junk emails.
-
Admins can track any changes made on the Office 365 junk mail policy configurations using this report.
-
The junk email rule examines each incoming message and lists them as safe senders, safe recipients, blocked senders, and blocked recipients.
-
So, admins can identify the suspicious mail senders and receivers. Also, detailed information like activity time, users, respective junk email configuration policy, etc., are available in this report.
Configuration changes related to Domain Keys Identified Mail(DKIM).
-
This report lists the changes made to the DKIM configuration in the organization. Admins must monitor DKIM configuration changes to avoid spoofing, spam, and phishing attacks.
-
Further, admins can view the details of configured time, respective user, respective DKIM configuration policy, etc., in this report.
Configuration changes related to the settings of safe link protection, safe documents, safe attachments, etc.
-
With this report, admins can monitor the settings changes of Office 365 ATP policies that provide safe document protection, safe link protection, and safe attachment protection.
-
By doing so, admins can protect the confidential data against potential threats, malicious malware, and so on.
-
Viewing this report helps admins to obtain the details such as username, activity time, configuration changes, and more.
Configuration changes related to Advanced Threat Protection.
-
A list of configuration changes related to all ATP activities is available in this report. Admins can use this report to get detailed insights to track ATP overall configuration changes in Microsoft ATP policies.
-
This report includes additional details such as username, respective protection policy, event time, and so on.
