O365 Email Attachment Scanning Policy Creation Procedure

This admin procedure will provide background information on creating a safe attachment threat policy that will monitor email attachment scanning for inbound and outbound mail flow.

Safe Attachments Threat Policy

Safe Attachments is a feature of Office 365 Advanced Threat Protection that ensures incoming email attachments are not malicious. When this feature is activated, it automatically opens attachments in a separate, virtual environment to test them. This makes sure the real-time environment is not disturbed. Administrators can configure policies to block malicious attachments that users receive via email and redirect the message to a designated mailbox so that checks can be made to ensure that the attachment is safe.

Procedure Scope: Administrators

Required Group Membership: Admin.EmailSecurity

Creating a Safe Attachments Threat Policy

1. Navigate to Safe Attachments – O365 Defender, and select Create.
   
2. Provide the basic information to the policy such as name and description, should explain the policies’ purpose and scope of effect. Select Next to continue.
   
3. Next you will be able to supply assignments or exclusions to internal users, groups, and domains. Select Next to proceed.
   
4. A list of all the possible configuration settings will be listed, make sure to apply the necessary settings to fit the needs of your organization. Select Next to continue.
   
5. The review page will allow you to see all configured settings for the device control creation process, if you detect a discrepancy at this stage make note of the section and select Back to make alterations before finalization. If everything checks out, select Submit to publish the policy.
   
6. A prompt will be displayed detailing that the policy has been created and has been put into immediate effect. Select Done to finalize the creation process.
   

You're Finished!