2.1.4 Ensure Safe Attachments policy is enabled

Information

The Safe Attachments policy helps protect users from malware in email attachments by scanning attachments for viruses, malware, and other malicious content. When an email attachment is received by a user, Safe Attachments will scan the attachment in a secure environment and provide a verdict on whether the attachment is safe or not.

Rationale:

Enabling Safe Attachments policy helps protect against malware threats in email attachments by analyzing suspicious attachments in a secure, cloud-based environment before they are delivered to the user's inbox. This provides an additional layer of security and can prevent new or unseen types of malware from infiltrating the organization's network.

Impact:

Delivery of email with attachments may be delayed while scanning is occurring.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To enable the Safe Attachments policy:

Navigate to Microsoft 365 Defender https://security.microsoft.com.

Click to expand E-mail & Collaboration select Policies & rules.

On the Policies & rules page select Threat policies.

Under Policies select Safe Attachments.

Click + Create.

Create a Policy Name and Description, and then click Next.

Select all valid domains and click Next.

Select Block.

Quarantine policy is AdminOnlyAccessPolicy.

Leave Enable redirect unchecked.

Click Next and finally Submit.

Default Value:

disabled

See Also

https://workbench.cisecurity.org/benchmarks/15279

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, 800-53|SI-8, 800-53|SI-16, CSCv7|7.10, CSCv7|8.1

Plugin: microsoft_azure

Control ID: c10737111c027e6342d5fd99eaa8af7b6058521eea35aa1733ef2761aef51e49