Safe Attachments Policy Check and Configuration [CHK-1062]
The Safe Attachments policy scans email attachments for viruses, malware, and other malicious content to protect users.
Rationale
Enabling the Safe Attachments policy provides an extra layer of protection by analyzing suspicious email attachments in a secure, cloud-based environment before they reach the user's inbox. This can prevent new or unknown types of malware from infiltrating the organization.
Fix
An automated fix is not available for this check. To fix it yourself, follow these steps:
- Go to Microsoft 365 Defender at https://security.microsoft.com
- Click on Email & Collaboration and select Policies & Rules
- On the Policies & Rules page, select Threat Policies
- Under Policies, select Safe Attachments
- Click + Create
- Enter a Policy Name and Description and click Next
- Select all valid domains and click Next
- Select Block
- Quarantine Policies is AdminOnlyAccessPolicy
- Leave Enable redirect disabled
- Click Next and finally Submit
Impact
The delivery of emails with attachments may be delayed while the scanning is performed.
More Information
For more information, refer to the CIS Item: 4.5 (L2) Ensure Attachments policy is enabled and the E5 Level 2 Profile.