Defender for Office 365 Email Attachment Scanning Policy Modification

This guide will provide background information on modifying an existing safe attachment threat policy.

Safe Attachments Threat Policy

Safe Attachments is a feature of Office 365 Advanced Threat Protection that ensures incoming email attachments are not malicious. When this feature is activated, it automatically opens attachments in a separate, virtual environment to test them. This makes sure the real-time environment is not disturbed. Administrators can configure policies to block malicious attachments that users receive via email and redirect the message to a designated mailbox so that checks can be made to ensure that the attachment is safe.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: TBD

Domain: TBD

Modifies: TBD

Modifying a Safe Attachments Threat Policy

1. Navigate to the Safe Attachments – Microsoft Defender portal, locate and select the policy you wish to alter.
   
2. Upon opening the policy, all the information of the policy will be displayed. 3 points of interest will be available to Edit. You can modify the sections as needed.
   1. Description: Adjust the description of the policy; a non-functional element that provides background information on the scope of what the policy is trying to accomplish.
      
   2. Users and Domains: Specifies the users, groups, or owned domains that this policy will be applied to; additionally, you can also specify exclusions if necessary.
      
   3. Settings: Specifies the filters that will be applied to emails for a compliance match as well as how messages will be handled when they fail this threat policy check.
      
3. Regardless of the section alterations are being made in the same procedure applies once the necessary changes have been made select Save.
   
4. Once all items have been reviewed, select Close to finalize modifications made to the policy.
   

Need Assistance?