As you all know, attackers, use widely malicious attachments to perform “Initial access”.
Safe attachments is one of our defences in order to prevent that in our Environment
Safe Attachments provides an additional layer to the Antimalware Exchange protection.
Safe Attachment works with Machine Learning in order to protect your users inbox
Policies may take around 30 minutes to apply .
Safe attachments blade also contains “Safe documents” which is standard security requirement in tenants & important to ensure is enabled
Creating your Safe Attachments Policy
- Go for the 365 Defender blade , get policies and rules & open “Threat policies”
- In Threat policies, select Safe attachments
- Create your policy
- Assign to a user or groups
In Settings is where you can tune what you want to do with your Tenant / Users.
I personally recommend “Dynamic Delivery”. As it’s the one that I consider impact less the users towards false positives. Is balanced and the attachments even malicious will not land on the user mailbox.
The user will expect not to open the files until are safely scanned
Depends on your Security Requirements . If you want to directly Apply a quarantine policy then use block
In regards Redirection of detected attachments. I personally dont use this setting for safety reasons
To apply the policy just click in Submit
Configure Safe Documents in your Global Settings !
- Requires E5 Licence
- Click on global Settings on the safe attachments blade
It is recommended to enable these settings so 365 defender protects Sharepoint, OneDrive, and MS Teams independently of Safe attachments. (Options are applied—Tenant Wide)
Report Safe attachments
You can monitor reports of the feature in the 365 blade—Reports . Section—Email / Collaboration—Threat Protection.