2.1.5 Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Safe Attachments for SharePoint, OneDrive, and Microsoft Teams scans these services for malicious files.

Rationale:

Safe Attachments for SharePoint, OneDrive, and Microsoft Teams protect organizations from inadvertently sharing malicious files. When a malicious file is detected that file is blocked so that no one can open, copy, move, or share it until further actions are taken by the organization's security team.

Impact:

Impact associated with Safe Attachments is minimal, and equivalent to impact associated with anti-virus scanners in an environment.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To enable Safe Attachments for SharePoint, OneDrive, and Microsoft Teams:

Navigate to Microsoft 365 Defender https://security.microsoft.com

Under Email & collaboration select Policies & rules

Select Threat policies then Safe Attachments.

Click on Global settings

Click to Enable Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams

Click to Enable Turn on Safe Documents for Office clients

Click to Disable Allow people to click through Protected View even if Safe Documents identified the file as malicious.

Click Save

To remediate using PowerShell:

Connect to Exchange Online using Connect-ExchangeOnline.

Run the following PowerShell command:

Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true -EnableSafeDocs $true -AllowSafeDocsOpen $false

See Also

https://workbench.cisecurity.org/benchmarks/12934