If your organization has Office 365 Advanced Threat Protection (ATP) and you have the necessary permissions, you can use several ATP reports in the Security & Compliance Center. (Go to Reports > Dashboard.)
ATP reports include the Threat Protection Status report, the ATP File Types report, and the ATP Message Disposition report. This article describes the ATP reports and includes links to additional reports to view.
Threat Protection Status report
The Threat Protection Status report is a single view that brings together information about malicious content and malicious email detected and blocked by Exchange Online Protection (EOP) and Office 365 ATP. The report provides an aggregated count of unique email messages with malicious content (files or website addresses (URLs)) blocked by the anti-malware engine, zero-hour auto purge (ZAP), and ATP features, such as ATP Safe Links, ATP Safe Attachments, and ATP anti-phishing capabilities.
A Threat Protection Status report is available to customers who have either Office 365 ATP or Exchange Online Protection (EOP); however, the information that is displayed in the Threat Protection Status report for ATP customers will likely contain different data than what EOP customers might see. For example, the Threat Protection Status report for ATP customers will contain information about malicious files detected in SharePoint Online, OneDrive, or Microsoft Teams. Such information is specific to ATP, so customers who have EOP but not ATP will not see those details in their Threat Protection Status report.
To view the Threat Protection Status report, in the Security & Compliance Center, go to Reports > Dashboard > Threat Protection Status.
To get detailed status for a day, hover over the graph.
By default, the Threat Protection Status report shows data for the past seven days. However, you can choose Filters and change the date range to view data for up to 90 days.
You can also use the View data by menu to change what information is displayed in the report.
ATP File Types report
The ATP File Types report shows you the type of files detected as malicious by ATP Safe Attachments.
To view this report, in the Security & Compliance Center, go to Reports > Dashboard > ATP File Types.
ATP Message Disposition report
The ATP Message Disposition report shows you the actions that were taken for email messages that were detected as having malicious content.
To view this report, in the Security & Compliance Center, go to Reports > Dashboard > ATP Message Disposition.
When you hover over a bar in the chart, you can see what actions were taken for detected email for that day.