Creating safe attachment policies in O365

Creating safe attachment policies by using the Security & Compliance Center

You can set up an ATP safe attachments policy using either the Security & Compliance Center or the Exchange admin center (EAC).

Creating a new safe attachment policy:

The following steps describe how to create a new safe attachment policy.

  1. Go to the Security & Compliance Center. Sign in using your admin account credentials.

  2. In the Security & Compliance Center, in the left navigation pane, click Threat management > Policy.

  3. Click ATP Safe Attachments.

  4. Click the New (+) icon to open the new safe attachments policy page.

  5. Enter a name and description (optional) for your policy.

  6. Under Select the action for unknown malware in attachments, choose one of the following options:

    • Off. Attachments will not be scanned for malware.

    • Monitor. Continue delivering the message after malware is detected and track the scanning results.

    • Block. Blocks the current and future emails and attachments with detected malware.

    • Replace. Blocks the attachments with detected malware but continues to deliver the message body to the user.

    • Dynamic delivery. Immediately delivers the message body without attachments and reattaches attachments after scanning if they are found to be safe.

Note: For more details about each of these options, refer to the “Safe attachments policy options” topic in the previous lesson.

  7. Under Redirect attachment on detection, you can enable one or both of the following settings:
    • If you want to forward attachments that are blocked, replaced, or monitored to a security administrator in your organization for further investigation, check the Enable redirect checkbox and enter an email address.

    • You can also have those attachments forwarded if the scanning process should time out by selecting the Apply the above selection if malware scanning for attachments times out or error occurs checkbox.

  8. Under Applied To, click the drop-down list above the add condition button to specify the users, groups, or domains that the policy will be applied to. You can select from among the following options:
    • The recipient is

    • The recipient domain is

    • The recipient is a member of

Note: You can add multiple conditions, if required. For instance, you could select a combination of a distribution group in your organization and someone in your organization who is not a member of that group.

  9. You can also add exceptions. For example, you could configure a condition to specify a particular domain in your organization while excluding the security team.

  10. When you have finished with the settings, click Save.

Note: You can set up multiple safe attachments policies for your organization. These policies will be applied in the order they’re listed on the ATP safe attachments page. It can take up to 30 minutes for the safe attachments policy changes to take effect.
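The same settings can also be applied from Exchange Online PowerShell, which makes the policy repeatable and easy to review. This is an added example, not part of the original walkthrough; the admin account, policy name, domain, group and redirect mailbox are placeholders, and it assumes the ExchangeOnlineManagement module is installed.

```powershell
# Added example. All names, addresses and the domain below are placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

$policyName = 'SA-Block-Contoso'

# Steps 5-7: action for unknown malware plus the redirect settings.
$settings = @{
    Enable          = $true
    Action          = 'Block'                    # other values include Replace, DynamicDelivery
    Redirect        = $true                      # "Enable redirect" checkbox
    RedirectAddress = 'secops@contoso.example'   # mailbox that receives redirected attachments
    ActionOnError   = $true                      # apply the action on scan timeout or error
}

# Create the policy if it does not exist yet, otherwise bring it in line.
$existingPolicy = Get-SafeAttachmentPolicy | Where-Object Name -eq $policyName
if ($existingPolicy) {
    Set-SafeAttachmentPolicy -Identity $policyName @settings
} else {
    New-SafeAttachmentPolicy -Name $policyName `
        -AdminDisplayName 'Block unknown malware, redirect to SecOps' @settings
}

# Steps 8-9: the "Applied To" condition and the exception live in a rule
# that points at the policy.
$existingRule = Get-SafeAttachmentRule | Where-Object Name -eq $policyName
if (-not $existingRule) {
    New-SafeAttachmentRule -Name $policyName `
        -SafeAttachmentPolicy $policyName `
        -RecipientDomainIs 'contoso.example' `
        -ExceptIfSentToMemberOf 'Security Team' `
        -Priority 0
}

# Policies are applied in listed order, so confirm where the new rule sits.
Get-SafeAttachmentRule |
    Sort-Object Priority |
    Format-Table Name, State, Priority, SafeAttachmentPolicy

Disconnect-ExchangeOnline -Confirm:$false
```

Setting the priority to 0 places the rule first in the list; choose a different value if an existing policy should keep precedence.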
