Here is how you can configure and manage Safe Attachments within Microsoft 365.
Safe Attachments policies configuration
Before you begin, ensure that you have assigned the necessary permissions. If you don’t have permissions, you’re likely to encounter issues. To start, navigate to the Security & Compliance center > Threat Management > Policy > ATP Safe Attachments.
You will then see the option to create a new Safe Attachments policy. Click it, and you will be taken through a series of pages where you can set up each aspect of the policy.
- Settings page: This page allows you to turn the policy on or off, as well as determine what action will be taken on messages. Here, four options are available:
  - Off: Disables all protections.
  - Monitor: Delivers the message and any attachment but sends a report to the administrator who monitors the mailbox.
  - Block: Prevents the entire message from being delivered.
  - Replace: Delivers the message without the attachment.
- Redirect Page: If you selected “Block” or “Replace”, you’ll need to specify an email address for redirecting all blocked attachments.
- Recipients Page: This is where you determine which users, groups, or domains the policy applies to.
After configuring these settings, you’ll have successfully set up a new Safe Attachments policy.
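The same wizard steps can be scripted in Exchange Online PowerShell. This is an added example, not part of the original article: the policy name, mailbox and domain are placeholders, and it assumes the ExchangeOnlineManagement module and an account with the permissions mentioned above.

```powershell
# Added example: scripted equivalent of the policy wizard.
# All names, addresses and domains are placeholders.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example

$policyName = 'SA-Block-Contoso'   # hypothetical policy name

# Settings page and Redirect page: turn the policy on, choose the action,
# and name the mailbox that receives messages with detected attachments.
$policy = @{
    Name            = $policyName
    Enable          = $true        # $false corresponds to "Off"
    Action          = 'Block'      # 'Allow' is the value behind "Monitor"
    Redirect        = $true
    RedirectAddress = 'secops@contoso.example'
}
New-SafeAttachmentPolicy @policy

# Recipients page: a rule scopes the policy to users, groups or domains.
# -SentTo and -SentToMemberOf are the user and group conditions.
$rule = @{
    Name                 = "$policyName rule"
    SafeAttachmentPolicy = $policyName
    RecipientDomainIs    = 'contoso.example'
    Priority             = 0
}
New-SafeAttachmentRule @rule

# Read back what was stored so the change can be recorded or reviewed.
Get-SafeAttachmentPolicy -Identity $policyName |
    Format-List Name, Enable, Action, Redirect, RedirectAddress
Get-SafeAttachmentRule -Identity "$policyName rule" |
    Format-List Name, State, Priority, RecipientDomainIs
```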
Safe Attachments in Teams
Safe Attachments in Teams works in a similar way to how it operates in email. Files shared in Teams are scanned, and if they are found to be malicious, access to the file is blocked. The way this is done largely depends on your Microsoft Defender for Office 365 plan:
- Microsoft Defender for Office 365 Plan 1: In Teams, each file is evaluated by Safe Attachments before it’s uploaded to SharePoint. If the file is malicious, the upload is blocked.
- Microsoft Defender for Office 365 Plan 2: In Teams, each file is evaluated by Safe Attachments after it’s uploaded to SharePoint and opened by a user. For a brief time, the user has read-only access to the file. If the file is found to be safe, full access is granted. If the file is malicious, the user is prevented from downloading or editing it.
Best practices
Remember to follow the best practices when setting up Safe Attachments. Here are some key recommendations:
- Use default settings: The default settings are commonly used and recommended by Microsoft.
- Apply policies to users: Be sure to apply the Safe Attachments policies to your users, groups, or domains as appropriate.
- Educate users: It’s always a good practice to train your users to recognize the signs of threats.
- Regularly review and modify policies: As your organization evolves, your policies should too. Make sure to review and modify them as necessary.
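For the periodic review, a small helper can flag settings that leave recipients less protected than intended. This is an added example, not from the original article: the function name and sample objects are constructed, and the property names mirror the output of `Get-SafeAttachmentPolicy`, `Get-SafeAttachmentRule` and `Get-AtpPolicyForO365`.

```powershell
# Added example: review helper that works on objects shaped like cmdlet output.
function Test-SafeAttachmentConfig {
    param(
        [object[]]$Policies,   # Get-SafeAttachmentPolicy
        [object[]]$Rules,      # Get-SafeAttachmentRule
        [object]$AtpPolicy     # Get-AtpPolicyForO365
    )
    $findings = [System.Collections.Generic.List[string]]::new()
    foreach ($p in $Policies) {
        if (-not $p.Enable) {
            $findings.Add("$($p.Name): policy is Off")
        } elseif ($p.Action -eq 'Allow') {
            # 'Allow' is the PowerShell value behind the portal's Monitor option
            $findings.Add("$($p.Name): Monitor only, detected attachments are still delivered")
        }
        if ($p.Redirect -and -not $p.RedirectAddress) {
            $findings.Add("$($p.Name): redirect is on but no address is set")
        }
        # Heuristic: a custom policy reaches recipients only through an enabled rule
        $active = $Rules | Where-Object {
            $_.SafeAttachmentPolicy -eq $p.Name -and $_.State -eq 'Enabled'
        }
        if (-not $active) {
            $findings.Add("$($p.Name): no enabled rule scopes this policy")
        }
    }
    if (-not $AtpPolicy.EnableATPForSPOTeamsODB) {
        $findings.Add('Tenant: Safe Attachments for SharePoint, OneDrive and Teams is off')
    }
    return $findings
}

# Constructed sample data (not from a real tenant)
$policies = @(
    [pscustomobject]@{ Name = 'SA-Default'; Enable = $true;  Action = 'Block'; Redirect = $true;  RedirectAddress = 'secops@contoso.example' }
    [pscustomobject]@{ Name = 'SA-Pilot';   Enable = $true;  Action = 'Allow'; Redirect = $true;  RedirectAddress = $null }
    [pscustomobject]@{ Name = 'SA-Legacy';  Enable = $false; Action = 'Block'; Redirect = $false; RedirectAddress = $null }
)
$rules = @(
    [pscustomobject]@{ Name = 'SA-Default rule'; SafeAttachmentPolicy = 'SA-Default'; State = 'Enabled' }
    [pscustomobject]@{ Name = 'SA-Pilot rule';   SafeAttachmentPolicy = 'SA-Pilot';   State = 'Disabled' }
)
$atp = [pscustomobject]@{ EnableATPForSPOTeamsODB = $false }

Test-SafeAttachmentConfig -Policies $policies -Rules $rules -AtpPolicy $atp
```

Against a live tenant, pass the output of the three `Get-` cmdlets in place of the sample objects.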
In summary, configuring and managing Safe Attachments is an essential part of the MS-203 Microsoft 365 Messaging exam. Getting to grips with Safe Attachments will not only help you in the exam but also contribute to securing your organization’s network infrastructure.
Practice Test
True or False: Safe attachments are available in all Office 365 subscriptions.
- True
- False
Answer: False
Explanation: Safe attachments are not available in all Office 365 subscriptions. It’s a feature of Microsoft Defender for Office 365, Plan 1 and Plan
True or False: Safe Attachments checks email attachments for malware or viruses.
- True
- False
Answer: True
Explanation: Safe Attachments will scan email attachments in a special, isolated environment to detect any potential threats before the email is delivered to the recipient’s inbox.
Which settings are optional when creating a Safe Attachments policy?
- A. Block
- B. Replace
- C. Redirect
- D. Dynamic Delivery
Answer: A. Block, B. Replace, C. Redirect
Explanation: When creating a Safe Attachments policy, it’s optional to select Block (blocks entire message), Replace (removes attachment), Redirect (sends message to admin), or Dynamic Delivery (sends message without attachment first).
Under what condition does a Safe Links policy not apply, even if a user clicks a link in the message?
- A. The message is sent by an internal sender
- B. The message is less than 24 hours old
- C. The link leads to a trusted website
- D. The link is found in an encrypted message
Answer: D. The link is found in an encrypted message
Explanation: Safe Links policy doesn’t apply to links in encrypted messages or meeting invitations.
What happens when you configure “Dynamic Delivery” in Safe Attachments?
- A. It replaces attachments with a placeholder
- B. It sends an additional copy of the email to the admin
- C. It deletes the email immediately
- D. It forwards the email to external recipients
Answer: A. It replaces attachments with a placeholder
Explanation: Dynamic Delivery sends the body of the email immediately with a placeholder attachment. The recipient can read and respond to the message while the actual attachment is being scanned.
Can end users release messages from quarantine if they have ‘Safe Attachments’ policy applied?
- A. Yes
- B. No
Answer: B. No
Explanation: Users can’t release messages that were quarantined because of a Safe Attachments policy.
What does setting the action to “Off” in a Safe Attachment policy do?
- A. It prevents the policy from being enforced
- B. It shuts down the Safe Attachment feature
- C. It ignores attachments and doesn’t scan them
- D. It automatically sends attachments to quarantine
Answer: A. It prevents the policy from being enforced
Explanation: Setting the action to “Off” in a Safe Attachments policy prevents the policy from being enforced.
True or False: Safe Attachments can be applied to SharePoint files and Microsoft Teams files.
- True
- False
Answer: True
Explanation: Safe Attachments can be applied to files in SharePoint, Microsoft Teams, and OneDrive.
Which of these is not a possible response if a threat is detected by Safe Attachments?
- A. Move the message to the recipient’s junk mail folder
- B. Delete the entire message
- C. Remove the attachment and deliver the message with a text file concerning the removal
- D. Deliver the message to the recipient’s inbox without any changes
Answer: D. Deliver the message to the recipient’s inbox without any changes
Explanation: When a threat is detected, Safe Attachments won’t deliver the message as is, in order to safeguard the recipient’s inbox.
True or False: You can configure Safe Attachments settings at the organization level.
- True
- False
Answer: True
Explanation: You can indeed configure Safe Attachments settings at the organization level in the Security & Compliance center.
Interview Questions
What is Safe Attachments in Microsoft 365?
Safe Attachments in Microsoft 365 is a feature provided in Defender for Office 365 that checks documents for malware or viruses before they reach mailboxes.
How does Safe Attachments scan email attachments?
Safe Attachments scans emails and attachments in a detonation chamber, which is an isolated environment, and examines them for any threatening behavior.
What are dynamic delivery scan results in Safe Attachments and how do they work?
Dynamic delivery scan results provide visibility into scanned attachments. While the Safe Attachments feature scans an email, users can read and respond to the message. Once the scan process is complete, if no threat is detected, the attachment is delivered.
What are the main configurations for Safe Attachments policy?
The main configurations for Safe Attachments policy are Block, Replace, Dynamic Delivery and Monitor.
What is the function of a Block configuration in Safe Attachments policy?
A ‘Block’ configuration in Safe Attachments policy prevents the entire message, including the attachment, from being delivered when a threat is detected.
What does the ‘Replace’ option do in Safe Attachments?
The ‘Replace’ feature removes the malicious attachment, but allows the message to be delivered to the recipient’s mailbox.
How does the ‘Dynamic Delivery’ feature work?
With ‘Dynamic Delivery’, users receive the email immediately, with the attachment being replaced by a placeholder. The actual attachment becomes available once the scan is finalized and found to be safe.
What does the ‘Monitor’ option do in Safe Attachments?
The ‘Monitor’ option delivers the mail with the attachment, but it monitors what the recipient does with the attachment. If a threat is found later, alerts are generated.
In which order are Safe Links and Safe Attachments processed for email messages?
The email is first scanned by Safe Attachments, and if found safe, it is then passed on to Safe Links for additional checks.
What happens in Safe Attachments redirect in Microsoft 365?
The Safe Attachments redirect ‘On’ setting sends detected threats to a specified mail address for further review after Safe Attachments has scanned the emails.
Can you disable Safe Attachments for a specific recipient?
Yes, you can disable Safe Attachments for a specific recipient by creating a new Safe Attachments policy, specifying the recipient, and setting the action to ‘Off’.
Are there any special licenses required to use Safe Attachments in Microsoft 365?
Yes, Safe Attachments is a part of Microsoft Defender for Office 365, which requires either a Plan 1 or Plan 2 license.
Can you report false positives or negatives within Safe Attachments?
Yes, you can report false positives and negatives to Microsoft using the ‘Submit a sample to the Microsoft Defender ATP portal’ procedure.
Can we use Safe Attachments in hybrid environments?
Yes, Safe Attachments can be used in hybrid environments if you route email messages through Microsoft 365 before they’re delivered to on-premises mailboxes.
Can customized notification text be used in Safe Attachments?
Yes, you can customize the notification text that gets sent when Safe Attachments finds a threat. However, the notice itself can’t be customized.