O365 Email Attachment Scanning Policy Modification Procedure

This admin procedure will provide background information on modifying an existing safe attachment threat policy.

This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

Safe Attachments Threat Policy

Safe Attachments is a feature of Office 365 Advanced Threat Protection that ensures incoming email attachments are not malicious. When this feature is activated, it automatically opens attachments in a separate, virtual environment to test them. This makes sure the real-time environment is not disturbed. Administrators can configure policies to block malicious attachments that users receive via email and redirect the message to a designated mailbox so that checks can be made to ensure that the attachment is safe.


Procedure Scope: Administrators

Required Group Membership: Admin.EmailSecurity


Modifying a Safe Attachments Threat Policy

  1. Navigate to Safe Attachments – O365 Defender, locate the policy you wish to alter.
  2. Upon opening the policy, all the information of the policy will be displayed. 3 points of interest will be available to Edit. You can modify the sections as needed.
    1. Description: Adjust the description of the policy; a non-functional element that provides background information on the scope of what the policy is trying to accomplish.
    2. Users and Domains: Specifies the users, groups, or owned domains that this policy will be applied to; additionally, you can also specify exclusions if necessary.
    3. Settings: Specifies the filters that will be applied to emails for a compliance match as well as how messages will be handled when they fail this threat policy check.
  3. Regardless of the section alterations are being made in the same procedure applies once the necessary changes have been made select Save.
  4. Once all items have been reviewed, select Close to finalize modifications made to the policy.

You're Finished!

You should have successfully modified an existing safe attachments threat policy that will enforce email attachment scanning settings on inbound and outbound mail flow. For any other problems or questions, reach out to us!