Malware Notifications for Internal Emails [CHK-1024]

This check verifies whether administrators receive notifications when malware is detected in emails sent within the organization.

Rationale

Spam emails originating from within the organization could indicate unauthorized access to a colleague's mailbox or a computer infected with malware. Ensuring that administrators are notified of such incidents allows for prompt action to mitigate potential threats.

Fix

An automated fix is available through Attic.

Manual steps:

  • Go to the Microsoft 365 Defender portal.

  • Choose "Email and collaboration" from the left-hand menu.

  • Pick "Policies and rules" from the same menu.

  • Select "Threat policies".

  • Choose "Anti-malware".

  • Select the default policy.

  • Click on "Edit protection settings".

  • Enter an admin email in the "Notify an admin about undelivered messages from internal senders" field.

  • Click on "Save" to apply the changes.
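
The same setting can be audited and applied from Exchange Online PowerShell. The script below is an added example, not Attic's automated fix or code from the original page. It assumes the ExchangeOnlineManagement module is installed and uses `secops@example.com` as a placeholder admin address.

```powershell
# Added example. Needs the ExchangeOnlineManagement module and an account
# that is allowed to edit anti-malware policies.
$AdminAddress = 'secops@example.com'   # placeholder: replace with your admin mailbox

Connect-ExchangeOnline -ShowBanner:$false

# Audit: report every anti-malware policy, not only the default one, so that
# custom policies without an admin notification are visible as well.
$report = Get-MalwareFilterPolicy | ForEach-Object {
    $policy  = $_
    $address = "$($policy.InternalSenderAdminAddress)".Trim()
    [pscustomobject]@{
        Policy    = $policy.Identity
        IsDefault = $policy.IsDefault
        Enabled   = $policy.EnableInternalSenderAdminNotifications
        NotifyTo  = $address
        # Compliant only when the switch is on AND an address is configured.
        Compliant = [bool]($policy.EnableInternalSenderAdminNotifications -and $address)
    }
}
$report | Format-Table -AutoSize

# Remediate the default policy only when it fails the check.
$default = $report | Where-Object IsDefault
if ($default -and -not $default.Compliant) {
    Set-MalwareFilterPolicy -Identity $default.Policy `
        -EnableInternalSenderAdminNotifications $true `
        -InternalSenderAdminAddress $AdminAddress
}

# Verify the resulting state of the default policy.
if ($default) {
    Get-MalwareFilterPolicy -Identity $default.Policy |
        Format-List Identity, EnableInternalSenderAdminNotifications, InternalSenderAdminAddress
}

Disconnect-ExchangeOnline -Confirm:$false
```

Custom policies that show `Compliant = False` in the report are not changed by the script and need the same two parameters set separately.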

Impact

Activating this policy ensures that any detected malware in internal emails is promptly reported to administrators, enhancing the organization's ability to respond to potential security threats.

More Information

For more details, refer to the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark.