Threat Prevention Service Documentation

ITS is updating spam and malware/virus prevention for the university email systems, Office 365 and G Suite. The threat prevention service will comprise two filtering services, Exchange Online Protection (EOP) and Advanced Threat Protection (ATP). The changes and functionality are described below.

Email Routing to Exchange Online Protection

On June 25th, ITS will move the mail exchanger (MX) record for the domain from the current spam filtering appliance, Barracuda, to Microsoft Exchange Online Protection (EOP). EOP is a cloud-hosted email filtering service built to protect customers from spam and malware.


Diagram 1. Email routing with EOP

After this change, emails to will be analyzed and scored by EOP, and then the necessary action will be taken based on the criteria provided below:

The previous filtering appliance blocked delivery of the majority of spam messages to mailboxes. With the change to EOP, spam messages will instead reach recipients in various ways, determined by each message's spam confidence level (SCL) rating.

Advanced Threat Protection

Advanced Threat Protection (ATP) is an email filtering service that helps protect against unknown malware and viruses by providing robust zero-day protection. It also includes features to protect users from clicking harmful links in real time. It offers protection in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, Exchange Online and OneDrive for Business.


Diagram 2. ATP process. Source:


ATP Features

Safe Links: This feature proactively protects users from malicious hyperlinks by rewriting them once scanned. The protection applies every time the user clicks the link, and malicious links are dynamically blocked. When a link is unsafe, the user is warned not to visit the site or informed that the site has been blocked. Reporting is available so administrators can track which users clicked a link and when they clicked it.

Safe Attachments: This feature protects against unknown malware and viruses and provides real-time protection. All messages and attachments that do not have a known virus or malware signature are routed to a special environment where ATP analyzes them to detect malicious content.

Spoof Intelligence: This feature detects when a sender appears to be sending mail on behalf of one or more accounts within the organization domains.
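
Because Safe Links rewrites hyperlinks, a reported message shows the wrapper rather than the destination. The following is an added example, not ITS or Microsoft code: it recovers the original destination for review, assuming the rewritten link uses a host under `safelinks.protection.outlook.com` and carries the destination in a `url` query parameter (format details this page does not state). The sample message is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: rewritten links use a regional host under this suffix and
# carry the original destination in the "url" query parameter.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample: one wrapped link and one lookalike host.
SAMPLE_BODY = (
    "Reset here: https://nam02.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Fportal.example.edu%2Freset%3Fid%3D42"
    "&data=CONSTRUCTED&reserved=0 or here: "
    "https://safelinks.protection.outlook.com.example.net/"
    "?url=https%3A%2F%2Fexample.org%2F"
)


def unwrap_safelink(link):
    """Return the original destination of a Safe Links URL, or None if the
    link is not a Safe Links wrapper (lookalike hosts included)."""
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    # Compare the parsed hostname, not the raw string, so that a host which
    # merely contains the Safe Links name is not trusted as a wrapper.
    if parts.scheme != "https" or not host.endswith(SAFELINKS_SUFFIX):
        return None
    target = parse_qs(parts.query).get("url", [None])[0]  # percent-decoded
    if not target or urlsplit(target).scheme not in ("http", "https"):
        return None
    return target


def triage_links(body):
    """Map each URL in a message body to the destination a reviewer should
    inspect: the unwrapped target for Safe Links, the URL itself otherwise."""
    result = {}
    for link in URL_RE.findall(body):
        link = link.rstrip(".,);")  # drop trailing sentence punctuation
        result[link] = unwrap_safelink(link) or link
    return result


if __name__ == "__main__":
    for shown, destination in triage_links(SAMPLE_BODY).items():
        print(f"{shown}\n  -> {destination}")
```
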