Email Security/Exchange Online - Ensure Safe Attachments Policy Is Enabled

 








Summary

When enabled, this policy extends malware protection by routing all messages and attachments that have no known malware signature to a special hypervisor environment. There, behavior analysis is performed using a variety of machine learning and analysis techniques to detect malicious intent.

Reason

This policy helps identify and stop previously unknown malware more accurately.

What If?

During scanning, the delivery of emails with attachments may suffer some delay.

How to?

To enable the Safe Attachments policy, use the Microsoft 365 Admin Center:
  1. Select Security in order to open the Microsoft 365 Defender portal. 
  2. Under E-mail & Collaboration navigate to Policies & rules > Threat policies.
  3. Now, under Policies select Safe Attachments.
  4. Click + Create.
  5. After that, enter Policy Name and Description.
  6. Pick Block, Monitor, Replace or Dynamic Delivery.
  7. Select Save.

Monitor:

To verify the Safe Attachments policy is enabled, use the Microsoft 365 Admin Center:
  1. Select Security in order to open the Microsoft 365 Defender portal. 
  2. Under E-mail & Collaboration navigate to Policies & rules > Threat policies.
  3. Under Policies select Safe Attachments.
  4. Now, verify that at least one policy exists.
To verify the Safe Attachments policy is enabled, you may also use the Exchange Online PowerShell Module:
  1. Connect to Exchange Online using Connect-ExchangeOnline.
  2. Now, run the following Exchange Online PowerShell command: 

Get-SafeAttachmentPolicy | Where-Object { $_.Enable -eq $true }
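
The check above only shows whether a policy has Enable set. The following added example (not part of the original post) also reports whether each enabled policy is assigned by an enabled Safe Attachments rule. The function name, policy names and sample objects are hypothetical, and it assumes policies are assigned through the rules returned by Get-SafeAttachmentRule; a policy assigned some other way would need its own check.

```powershell
# Added example: the function and the sample data are hypothetical, not from the original page.
function Test-SafeAttachmentCoverage {
    param(
        [Parameter(Mandatory)] [object[]] $Policies,   # output of Get-SafeAttachmentPolicy
        [object[]] $Rules = @()                        # output of Get-SafeAttachmentRule
    )
    foreach ($policy in $Policies) {
        # A rule references its policy by name in the SafeAttachmentPolicy property.
        $activeRules = @($Rules | Where-Object {
            $_.SafeAttachmentPolicy -eq $policy.Name -and $_.State -eq 'Enabled'
        })
        $finding = if (-not $policy.Enable) {
            'Scanning disabled (Enable is False)'
        } elseif ($activeRules.Count -eq 0) {
            'Enabled, but no enabled rule assigns it to recipients'
        } else {
            'OK'
        }
        [pscustomobject]@{
            Policy      = $policy.Name
            Enable      = [bool]$policy.Enable
            Action      = $policy.Action
            ActiveRules = $activeRules.Count
            Finding     = $finding
        }
    }
}

# Constructed sample objects shaped like the cmdlet output, so the logic runs offline.
$samplePolicies = @(
    [pscustomobject]@{ Name = 'SA-Block-All'; Enable = $true;  Action = 'Block' }
    [pscustomobject]@{ Name = 'SA-Pilot';     Enable = $true;  Action = 'DynamicDelivery' }
    [pscustomobject]@{ Name = 'SA-Legacy';    Enable = $false; Action = 'Block' }
)
$sampleRules = @(
    [pscustomobject]@{ Name = 'SA-Block-All'; SafeAttachmentPolicy = 'SA-Block-All'; State = 'Enabled' }
    [pscustomobject]@{ Name = 'SA-Pilot';     SafeAttachmentPolicy = 'SA-Pilot';     State = 'Disabled' }
)

$report = Test-SafeAttachmentCoverage -Policies $samplePolicies -Rules $sampleRules
$report | Format-Table -AutoSize

# The control passes only if at least one policy is enabled and actually assigned.
if (-not ($report | Where-Object Finding -eq 'OK')) {
    Write-Warning 'No enabled Safe Attachments policy is applied to any recipients.'
}

# Against a live tenant, after Connect-ExchangeOnline:
# Test-SafeAttachmentCoverage -Policies (Get-SafeAttachmentPolicy) -Rules (Get-SafeAttachmentRule)
```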






















