If you’re like me you enjoy the rich set of features included in Microsoft Defender for Office 365 including the Safe Links and Safe Attachments capabilities. Microsoft has announced a change to retire the ‘replace’ action in Safe Attachment policies and that is today’s #MicrosoftCloudQuickFix !
Safe Attachments in Microsoft Defender for Office 365 provides an additional layer of protection for email attachments that have already been scanned by anti-malware protection in Exchange Online Protection (EOP). Specifically, Safe Attachments uses a virtual environment to check attachments in email messages before they’re delivered thru a process know as detonation.
Safe Attachments protection is controlled by Safe Attachment policies configured in the Microsoft 365 Defender portal. In Safe Attachment policies one of the actions which can be applied to a message is the ‘Replace’ action which delivers only the message body to the recipient without the original attachments when it has been found to contain malware.
Beginning in September 2022 the ‘Replace’ action will be retired and no longer available for use in Safe Attachment policies. The first phase of the retirement will automatically apply the ‘Block’ action, which will quarantine the email, to any existing policies with the ‘Replace’ action specified.
The second phase of the retirement targeted to complete by late-October 2022 will remove the ‘Replace’ action altogether from the Microsoft Defender portal and any existing policies with it will be changed to use the ‘Block’ action.
There will not be a similar action to ‘Replace’ post retirement and we recommend that you review and update all applicable Safe Attachments policies in your tenant beforehand.
For more information on Safe Attachment policy settings in Microsoft Defender for Office 365 please see Safe Attachments – Office 365 | Microsoft Docs
#Microsoft #Microsoft365 #MicrosoftDefenderforOffice365 #MicrosoftCloudSecurity #MicrosoftCloudQuickFix
