Information
Enabling the Safe Attachments policy extends malware protections to include routing all messages and attachments without a known malware signature to a special hypervisor environment. In that environment, a behavior analysis is performed using a variety of machine learning and analysis techniques to detect malicious intent.
Rationale:
This policy increases the likelihood of identifying and stopping previously unknown malware.
Impact:
Delivery of email with attachments may be delayed while scanning is occurring.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To enable the Safe Attachments policy, use the Microsoft 365 Admin Center:
Click Security to open the Microsoft 365 Defender portal.
Navigate to Policies & rules > Threat policies
Under Policies select Safe Attachments.
Click + Create.
Enter Policy Name and Description.
Select Block, Monitor, Replace or Dynamic Delivery.
Select Save.
Default Value:
disabled