When you have Office 365 Advanced Threat Protection (ATP) you should ensure that you actually go in a create a Safe Attachments policy because I don’t believe one is created by default.
You’ll need to login to your Office 365 portal as an appropriate administrator and then navigate to the Security and Compliance portal as shown above.
From the menu on the left select Threat management. This should reveal a number of additional options. From those that appear, select Policy.
You should now see a number of options on the right hand side as shown above. Locate and select the ATP safe attachments option.
You should now be in the Safe attachments area as shown above.
Starting at the top of the page, ensure you have the Turn on ATP for SharePoint OneDrive and Microsoft Teams checked as shown.
In the lower area you will see that no policies exist. To create a policy select the + (plus) icon.
Give the new policy a name and select the action that will be taken from the options below. In this case I have selected the Replace option.
You can enable redirection if you wish.
You now need to create the rules for this policy. if you want everything checked select the option The recipient domain is and then all the domains you have in your Office 365 tenant.
Save the configuration by using the button at the bottom of the screen.
The update will be processed and applied.
When you look at the Safe attachments page now you should the policy as shown in place.
To read more about safe attachments in Office 365 Advanced Threat Protection see:
CIAOPS 