Microsoft 365

4 Mins Read

Elevate Security: Implementing Safe Attachments & Links in Microsoft Collaboration Tools

Voiced by Amazon Polly

In today’s dynamic business environment, securing your organization against cyber threats is a top priority. Microsoft’s Extended Detection and Response (XDR) platform offers powerful tools like Safe Attachment and Safe Link policies that help protect your SharePoint, OneDrive, and Teams environments. This blog provides a step-by-step guide to implementing these policies using a business case scenario.

Become an Azure Expert in Just 2 Months with Industry-Certified Trainers

  • Career-Boosting Skills
  • Hands-on Labs
  • Flexible Learning
Enroll Now

Business Case Scenario

Company: Contoso Ltd.
Industry: Financial Services
Challenge: Contoso’s employees often collaborate with external vendors through SharePoint, OneDrive, and Microsoft Teams. They face risks from malicious files and phishing links shared during these interactions. The IT team wants to implement proactive measures to secure the organization without disrupting workflows.

Step-by-Step Implementation

Step 1: Plan Your Security Strategy

  1. Identify the scope: Focus on SharePoint, OneDrive, and Teams.
  2. Understand policies: Safe Attachments scans attachments for malware, while Safe Links rewrites URLs to check for malicious destinations when clicked.
  3. Prepare prerequisites:
    • Microsoft Defender for Office 365 Plan 2 license.
    • Global admin or Security admin role in Microsoft 365.

Step 2: Access the Microsoft 365 Defender Portal

  1. Go to Microsoft 365 Defender.
  2. Log in with your admin credentials.


Step 3: Configure Safe Attachments Policy
3.1 Create the Policy

  1. In the Defender portal, navigate to Threat Management > Policy > Safe Attachments.
  2. Click + Create to create a new policy.

3.2 Define Policy Scope

  1. Name: “Safe Attachments for Collaboration.”
  2. Mode: Select “Dynamic Delivery” to allow users to preview the email while attachments are scanned.
  3. Apply To:
    • SharePoint and OneDrive: Protect uploaded and shared files.
    • Microsoft Teams: Protect files shared in chats and channels.

3.3 Set Actions

  1. Configure actions for detected threats:
    • Block the file.
    • Notify the admin and affected users.
  2. Save and activate the policy.

Step 4: Configure Safe Links Policy
4.1 Create the Policy

  1. In the Defender portal, go to Threat Management > Policy > Safe Links.
  2. Click + Create to create a new policy.

4.2 Define Policy Scope

  1. Name: “Safe Links for Collaboration.”
  2. Users: Apply to all users or specific groups interacting with external collaborators.
  3. Services: Enable for SharePoint, OneDrive, and Teams.

4.3 Configure URL Actions

  1. Enable “Do not allow users to click through to the original URL.”
  2. Turn on URL tracing to collect analytics for clicked links.

4.4 Set Notifications

  1. Notify users when a malicious link is detected and blocked.
  2. Save and activate the policy.

Step 5: Test the Policies

  1. Simulate Threats:
    • Upload a test file with a harmless but detectable malware signature to OneDrive.
    • Share a test phishing URL through Teams.
  2. Verify Actions:
    • Ensure the test file is blocked and notifications are triggered.
    • Confirm the URL is rewritten and blocked upon clicking.

Step 6: Monitor and Fine-tune

  1. Use Reports:
    • Go to Threat Management > Reports to view detections.
    • Analyze blocked files and malicious links.
  2. Adjust Policies: Modify settings based on observed behaviour to reduce false positives.

Step 7: Educate Employees

  1. Conduct awareness sessions about security measures.
  2. Share best practices for handling external files and links.

Conclusion

By implementing Safe Attachment and Safe Link policies through Microsoft XDR, Contoso Ltd. secures its collaborative platforms without hindering productivity. Proactive monitoring and employee education further enhance the security posture, protecting the organization from evolving cyber threats. Deploy above mentioned steps in your organization to fortify defences against malicious content and ensure seamless collaboration.

Enhance Your Productivity with Microsoft Copilot

  • Effortless Integration
  • AI-Powered Assistance
Get Started Now

About CloudThat

CloudThat is an award-winning company and the first in India to offer cloud training and consulting services worldwide. As a Microsoft Solutions Partner, AWS Advanced Tier Training Partner, and Google Cloud Platform Partner, CloudThat has empowered over 850,000 professionals through 600+ cloud certifications winning global recognition for its training excellence including 20 MCT Trainers in Microsoft’s Global Top 100 and an impressive 12 awards in the last 8 years. CloudThat specializes in Cloud Migration, Data Platforms, DevOps, IoT, and cutting-edge technologies like Gen AI & AI/ML. It has delivered over 500 consulting projects for 250+ organizations in 30+ countries as it continues to empower professionals and enterprises to thrive in the digital-first world.

FAQs

1. What are Safe Attachments and Safe Links in Microsoft XDR?

ANS: – Safe Attachments scans and blocks malicious files uploaded or shared via SharePoint, OneDrive, and Teams. Safe Links rewrites URLs in messages to check their destination and prevent access to malicious sites when clicked.

2. What prerequisites are needed to implement these policies?

ANS: – You need a Microsoft Defender for Office 365 Plan 2 license and admin permissions (Global admin or Security admin) to access and configure these policies.

3. How does the 'Dynamic Delivery' mode work in Safe Attachments?

ANS: – In Dynamic Delivery mode, users can view email content while the attachments are being scanned. If an attachment is found to be malicious, it is blocked without disrupting user workflows.

4. Can Safe Links protect external collaborators in Teams?

ANS: – Yes, Safe Links can protect users interacting with external collaborators by rewriting URLs shared in chats and channels, ensuring any malicious links are blocked.

5. What should I do if a legitimate file or link is mistakenly flagged?

ANS: – You can adjust the policy settings or add specific exceptions for trusted files and links. Use threat management reports to analyze and refine policies to minimize false positives.

6. How do I test if the policies are working correctly?

ANS: – Simulate threats by uploading a test file with a detectable malware signature or sharing a test phishing URL. Verify that these are detected and appropriately blocked as per your policy configurations.

WRITTEN BY Rahulkumar Mehta

Share

PREV

NEXT

Comments

    Click to Comment

Related Resources

Google Cloud (GCP)

Top Google Cloud Certifications to Boost Your Career in

By Laxmi Sharma

Jul 30, 2025

AWS, Cloud Computing, DevOps

Integrating AWS DevOps Services into Backstage - Part 1

By Karnam Bhargava

Jul 29, 2025

Apps Development, AWS, Cloud Computing

Using Post Confirmation AWS Lambda Triggers in Amazon Cognito

By Anusha R

Jul 29, 2025

Cloud Computing, DevOps

A Guide to Kubernetes Security and Runtime Defense

By Musheer Alam

Jul 29, 2025

AWS, Cloud Computing, DevOps

Automating ML Training with AWS CodePipeline, Kubernetes, and MLflow

By Harsha Vardhini M

Jul 29, 2025

AI/ML, Cloud Computing, DevOps

Building a Flexible ML Training Script with Python

By Harsha Vardhini M

Jul 29, 2025

AWS, Cloud Computing, DevOps

Deploying MLflow on Amazon EKS with Terraform

By Keerthana N

Jul 29, 2025

AWS, Cloud Computing, DevOps

Automating ML Image Builds with AWS CodePipeline and Amazon

By Keerthana N

Jul 29, 2025

Apps Development, AWS, Azure

Understanding Open-Source Software and Its Benefits

By Aastha Pancholi

Jul 29, 2025

AWS, Azure, Cloud Computing

The Role of CDNs in Modern Web and App

By Aastha Pancholi

Jul 29, 2025

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!