Enable Microsoft 365 Safe Attachments With PowerShell

In this blog post, we will learn how to enable Microsoft 365 Safe Attachments with PowerShell.

Microsoft Defender for Office 365

Safe Attachments is a Security service that is part of Microsoft Defender for Office 365. Using a detonation process, every email attachment is opened in a virtual environment and tested for malicious code or virus.

The process is happening before the message is delivered to the end-user and sometimes can add extra time to the delivery process of emails. the end result protests the end-users for attachments that contain viruses.

Enabling Safe Attachments

The process to enable the service involved two PowerShell cmdlets, the first cmdlet creates a policy and the second cmdlet creates a rule. This process is similar to enabling SafeLinks using PowerShell.

Before you start, install Exchange Online PowerShell module using the following commands.

Install-Module -Name ExchangeOnlineManagement

After installing command to Exchange Online using:


Let’s create the safe attachments policy first with the following cmdlet, make sure you add a valid email to redirect attachments for review.

New-SafeAttachmentPolicy -Name "NTWEEKLY" -action Block -Redirect $true -RedirectAddress email@yourdomain.local -Enable $true

After creating the policy, let’s create a rule (make sure to use the same name of the policy above in the SafeAttachmentPolicy switch).

New-SafeAttachmentRule -Name "NT-Safe-Attachment" -SafeAttachmentPolicy "NTWEEKLY" -RecipientDomainIs "ntweekly.com"

The above rule will enable Safe Attachments for emails going to ntweekly.com to add more domain use , and the domain name.