Office 365 - Advanced Threat Protection (ATP): Features and Shortfalls

This TrustedSec blog analyzes Office 365 Exchange Advanced Threat Protection (ATP), highlighting limitations in Safe Links (which relies largely on reputation/blacklists and does not perform dynamic page analysis) and Safe Attachments (which introduces delivery delays and can be bypassed via obfuscation and archive techniques). The author demonstrates practical methods to improve message delivery (SPF, MX, reputation tuning) and shows that ATP's protections can be circumvented in testing, recommending Microsoft enhance dynamic web analysis and other protections.