2.5 Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled

Information

Safe Attachments for SharePoint, OneDrive, and Microsoft Teams scans these services for malicious files.

Rationale:

Safe Attachments for SharePoint, OneDrive, and Microsoft Teams protects organizations from inadvertently sharing malicious files. When a malicious file is detected, that file is blocked so that no one can open, copy, move, or share it until further actions are taken by the organization's security team.

Impact:

Impact associated with Safe Attachments is minimal, and equivalent to impact associated with anti-virus scanners in an environment.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To enable Safe Attachments for SharePoint, OneDrive, and Microsoft Teams:

Navigate to Microsoft 365 Defender https://security.microsoft.com

Under Email & collaboration select Policies & rules

Select Threat policies then Safe Attachments.

Click on Global settings

Click the toggle to Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams

Click Save

To remediate using PowerShell:

Connect to Exchange Online using Connect-ExchangeOnline.

Run the following PowerShell command:

Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $True

See Also

https://workbench.cisecurity.org/benchmarks/10751