Information
Safe Attachments for SharePoint, OneDrive, and Microsoft Teams scans these services for malicious files.
Rationale:
Safe Attachments for SharePoint, OneDrive, and Microsoft Teams protect organizations from inadvertently sharing malicious files. When a malicious file is detected that file is blocked so that no one can open, copy, move, or share it until further actions are taken by the organization's security team.
Impact:
Impact associated with Safe Attachments is minimal, and equivalent to impact associated with anti-virus scanners in an environment.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To enable Safe Attachments for SharePoint, OneDrive, and Microsoft Teams:
Navigate to Microsoft 365 Defender https://security.microsoft.com
Under Email & collaboration select Policies & rules
Select Threat policies then Safe Attachments.
Click on Global settings
Click to Enable Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams
Click to Enable Turn on Safe Documents for Office clients
Click to Disable Allow people to click through Protected View even if Safe Documents identified the file as malicious.
Click Save
To remediate using PowerShell:
Connect to Exchange Online using Connect-ExchangeOnline.
Run the following PowerShell command:
Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true -EnableSafeDocs $true -AllowSafeDocsOpen $false