
Microsoft Exchange Malware Check and Notification [CHK-1025]

This check determines if Microsoft Exchange is scanning incoming emails for malware and if administrators receive a notification when malware is received from outside the organization.

Rationale

Malware often enters through email. Microsoft Exchange can block this, and it's crucial to use this feature. However, malware detection can also indicate a broader issue. Therefore, it's wise to archive these emails for further analysis.

Fix

An automated fix is available through Attic.

Manual steps:

  • Navigate to the Microsoft 365 Defender portal.

  • Select "Email and collaboration" from the left-hand menu.

  • Select "Policies and rules" from the left-hand menu.

  • Select "Threat policies".

  • Select "Anti-malware".

  • Select the default policy.

  • Click on "Edit protection settings".

  • Enter an admin email address in the "Notify an admin about undelivered messages from external senders" field.

  • Click on "Save" to apply the changes.
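
The same setting can be audited and applied from Exchange Online PowerShell. The script below is an added example, not part of the original page and not Attic's own fix; it assumes the ExchangeOnlineManagement module is installed, and the address secops@example.com is a constructed placeholder.

```powershell
# Added example: audit anti-malware policies for the external-sender admin
# notification and, with -Remediate, enable it on the default policy.
param(
    # Assumption: placeholder mailbox, replace with your own admin address.
    [string]$AdminAddress = 'secops@example.com',
    [switch]$Remediate
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Audit: a policy is compliant when notifications are enabled AND an
# address is actually set (the flag alone sends mail to nobody).
$report = Get-MalwareFilterPolicy | ForEach-Object {
    $hasAddress = -not [string]::IsNullOrWhiteSpace([string]$_.ExternalSenderAdminAddress)
    [pscustomobject]@{
        Policy       = $_.Name
        IsDefault    = $_.IsDefault
        NotifyOn     = $_.EnableExternalSenderAdminNotifications
        AdminAddress = $_.ExternalSenderAdminAddress
        Compliant    = ($_.EnableExternalSenderAdminNotifications -and $hasAddress)
    }
}
$report | Format-Table -AutoSize

if ($Remediate) {
    # Only the default policy is changed, matching the manual steps above.
    $report | Where-Object { $_.IsDefault -and -not $_.Compliant } | ForEach-Object {
        Set-MalwareFilterPolicy -Identity $_.Policy `
            -EnableExternalSenderAdminNotifications $true `
            -ExternalSenderAdminAddress $AdminAddress
    }

    # Re-read the policy to confirm the change was stored.
    Get-MalwareFilterPolicy | Where-Object { $_.IsDefault } |
        Format-List Name, EnableExternalSenderAdminNotifications, ExternalSenderAdminAddress
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it without -Remediate first to see which policies lack the notification; custom policies listed as non-compliant are reported but left unchanged.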

Impact

The policy to scan emails for malware is correctly configured and administrators receive notifications when malware is received from outside the organization.

More Information

For more information, refer to the Microsoft 365 Defender portal's guidelines on email and collaboration policies and rules.