General
The Safe Attachments policy helps protect users from malware in email attachments by scanning them for viruses, malware, and other malicious content. When an email attachment arrives, Safe Attachments will analyze it in a secure environment and decide whether it is safe or not.
Rationale
By enabling Safe Attachments policy, users are protected from malware threats in email attachments by analyzing suspicious attachments in a secure, cloud-based environment before they are delivered to the inbox. This provides an extra layer of protection and can prevent new or unknown types of malware from infiltrating the organization.
Attic Fix
No fix is available for this check. Follow the advice by executing the manual instructions.
Manual Instruction
Perform these steps to adjust the setting:
- Go to Microsoft 365 Defender https://security.microsoft.com
- Click Email & Collaboration open and select Policies & Rules
- On the Policies & Rules page, select Threat Policies
- Under Policies select Safe Attachments
- Click + Create
- Type a Policy Name and Description and click Next
- Select all valid domains and click Next
- Select Block
- Quarantine Policy is AdminOnlyAccessPolicy
- Leave Enable redirect disabled
- Click Next and finally Submit
Impact
Delivery of emails with attachments may be delayed while scanning is performed.
CIS Mapping
-
CIS Item: 4.5 (L2) Ensure Attachments policy is enabled
-
Profile: E5 Level 2
Comments
0 comments
Please sign in to leave a comment.