In this blog post, we will learn how to enable Microsoft 365 Safe Attachments with PowerShell.
Microsoft Defender for Office 365
Safe Attachments is a Security service that is part of Microsoft Defender for Office 365. Using a detonation process, every email attachment is opened in a virtual environment and tested for malicious code or virus.
The process is happening before the message is delivered to the end-user and sometimes can add extra time to the delivery process of emails. the end result protests the end-users for attachments that contain viruses.
Enabling Safe Attachments
The process to enable the service involved two PowerShell cmdlets, the first cmdlet creates a policy and the second cmdlet creates a rule. This process is similar to enabling SafeLinks using PowerShell.
Before you start, install Exchange Online PowerShell module using the following commands.
Install-Module -Name ExchangeOnlineManagement
After installing command to Exchange Online using:
connect-exchangeonline
Let’s create the safe attachments policy first with the following cmdlet, make sure you add a valid email to redirect attachments for review.
New-SafeAttachmentPolicy -Name "NTWEEKLY" -action Block -Redirect $true -RedirectAddress email@yourdomain.local -Enable $true
After creating the policy, let’s create a rule (make sure to use the same name of the policy above in the SafeAttachmentPolicy switch).
New-SafeAttachmentRule -Name "NT-Safe-Attachment" -SafeAttachmentPolicy "NTWEEKLY" -RecipientDomainIs "ntweekly.com"
The above rule will enable Safe Attachments for emails going to ntweekly.com to add more domain use , and the domain name.