In today’s digital age, email remains a primary vector for cybersecurity threats, ranging from phishing attempts to sophisticated malware attacks. As organizations strive to fortify their defenses, it’s crucial to leverage every tool available to safeguard sensitive information. One such powerful tool in Microsoft 365’s arsenal is the Safe Attachments policy, part of Microsoft Defender for Office 365. This policy provides an essential layer of protection by scanning email attachments for malicious content before they reach the end user. Implementing the Safe Attachments policy not only enhances your organization’s email security but also improves your Microsoft Defender Secure Score—a metric that assesses your security posture within the Microsoft ecosystem. In this blog post, we will guide you through the steps to enable the Safe Attachments policy, ensuring that your organization remains resilient against email-borne threats.

Note: “Recommended action” Remediations as identified by “Microsoft 365 admin center Portal (https://portal.microsoft.com) \ Security \ Secure score \ Recommended actions” in a pristine baseline environment.

Rank Recommended action

144 Ensure Safe Attachments policy is enabled.

Microsoft Security Score

Secure Score Improvement: +0.48%

General

Description

The Safe Attachments policy helps protect users from malware in email attachments by
scanning attachments for viruses, malware, and other malicious content. When an email
attachment is received by a user, Safe Attachments will scan the attachment in a secure
environment and provide a verdict on whether the attachment is safe or not.

Rationale
Enabling Safe Attachments policy helps protect against malware threats in email
attachments by analyzing suspicious attachments in a secure, cloud-based environment
before they are delivered to the user’s inbox. This provides an additional layer of
security and can prevent new or unseen types of malware from infiltrating the
organization’s network.

Implementation status

100% of users are affected by policies that are configured securely.

  • Strict Preset Security Policy1705599895932 – 1 users (100%)

User impact

Delivery of email with attachments may be delayed while scanning is occurring.

Users affected​

All of your Microsoft 365 users

Implementation

Prerequisites

You have Microsoft Defender for Office 365 P1.

Next steps

To enable the Safe Attachments policy:

  1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
  2. Click to expand E-mail & Collaboration select Policies & rules.
  3. On the Policies & rules page select Threat policies.
  4. Under Policies select Safe Attachments.
  5. Click + Create.
  6. Create a Policy Name and Description, and then click Next.
  7. Select all valid domains and click Next.
  8. Select Block.
  9. Quarantine policy is AdminOnlyAccessPolicy.
  10. Leave Enable redirect unchecked.
  11. Click Next and finally Submit.

Learn more

Set up Safe Attachments policies in Microsoft Defender for Office 365 | Microsoft Learn