Elevate Security: Implementing Safe Attachments & Links in Microsoft Collaboration Tools

Voiced by Amazon Polly

In today’s dynamic business environment, securing your organization against cyber threats is a top priority. Microsoft’s Extended Detection and Response (XDR) platform offers powerful tools like Safe Attachment and Safe Link policies that help protect your SharePoint, OneDrive, and Teams environments. This blog provides a step-by-step guide to implementing these policies using a business case scenario.

Become an Azure Expert in Just 2 Months with Industry-Certified Trainers

Career-Boosting Skills
Hands-on Labs
Flexible Learning

Enroll Now

Business Case Scenario

Company: Contoso Ltd.
Industry: Financial Services
Challenge: Contoso’s employees often collaborate with external vendors through SharePoint, OneDrive, and Microsoft Teams. They face risks from malicious files and phishing links shared during these interactions. The IT team wants to implement proactive measures to secure the organization without disrupting workflows.

Step-by-Step Implementation

Step 1: Plan Your Security Strategy

Identify the scope: Focus on SharePoint, OneDrive, and Teams.
Understand policies: Safe Attachments scans attachments for malware, while Safe Links rewrites URLs to check for malicious destinations when clicked.
Prepare prerequisites:
- Microsoft Defender for Office 365 Plan 2 license.
- Global admin or Security admin role in Microsoft 365.

Step 2: Access the Microsoft 365 Defender Portal

Go to Microsoft 365 Defender.
Log in with your admin credentials.

Step 3: Configure Safe Attachments Policy
3.1 Create the Policy

In the Defender portal, navigate to Threat Management > Policy > Safe Attachments.
Click + Create to create a new policy.

3.2 Define Policy Scope

Name: “Safe Attachments for Collaboration.”
Mode: Select “Dynamic Delivery” to allow users to preview the email while attachments are scanned.
Apply To:
- SharePoint and OneDrive: Protect uploaded and shared files.
- Microsoft Teams: Protect files shared in chats and channels.

3.3 Set Actions

Configure actions for detected threats:
- Block the file.
- Notify the admin and affected users.
Save and activate the policy.

Step 4: Configure Safe Links Policy
4.1 Create the Policy

In the Defender portal, go to Threat Management > Policy > Safe Links.
Click + Create to create a new policy.

4.2 Define Policy Scope

Name: “Safe Links for Collaboration.”
Users: Apply to all users or specific groups interacting with external collaborators.
Services: Enable for SharePoint, OneDrive, and Teams.

4.3 Configure URL Actions

Enable “Do not allow users to click through to the original URL.”
Turn on URL tracing to collect analytics for clicked links.

4.4 Set Notifications

Notify users when a malicious link is detected and blocked.
Save and activate the policy.

Step 5: Test the Policies

Simulate Threats:
- Upload a test file with a harmless but detectable malware signature to OneDrive.
- Share a test phishing URL through Teams.
Verify Actions:
- Ensure the test file is blocked and notifications are triggered.
- Confirm the URL is rewritten and blocked upon clicking.

Step 6: Monitor and Fine-tune

Use Reports:
- Go to Threat Management > Reports to view detections.
- Analyze blocked files and malicious links.
Adjust Policies: Modify settings based on observed behaviour to reduce false positives.

Step 7: Educate Employees

Conduct awareness sessions about security measures.
Share best practices for handling external files and links.

Conclusion

By implementing Safe Attachment and Safe Link policies through Microsoft XDR, Contoso Ltd. secures its collaborative platforms without hindering productivity. Proactive monitoring and employee education further enhance the security posture, protecting the organization from evolving cyber threats. Deploy above mentioned steps in your organization to fortify defences against malicious content and ensure seamless collaboration.

Enhance Your Productivity with Microsoft Copilot

Effortless Integration
AI-Powered Assistance

Get Started Now

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

FAQs

1. What are Safe Attachments and Safe Links in Microsoft XDR?

ANS: – Safe Attachments scans and blocks malicious files uploaded or shared via SharePoint, OneDrive, and Teams. Safe Links rewrites URLs in messages to check their destination and prevent access to malicious sites when clicked.

2. What prerequisites are needed to implement these policies?

ANS: – You need a Microsoft Defender for Office 365 Plan 2 license and admin permissions (Global admin or Security admin) to access and configure these policies.

3. How does the 'Dynamic Delivery' mode work in Safe Attachments?

ANS: – In Dynamic Delivery mode, users can view email content while the attachments are being scanned. If an attachment is found to be malicious, it is blocked without disrupting user workflows.

4. Can Safe Links protect external collaborators in Teams?

ANS: – Yes, Safe Links can protect users interacting with external collaborators by rewriting URLs shared in chats and channels, ensuring any malicious links are blocked.

5. What should I do if a legitimate file or link is mistakenly flagged?

ANS: – You can adjust the policy settings or add specific exceptions for trusted files and links. Use threat management reports to analyze and refine policies to minimize false positives.

6. How do I test if the policies are working correctly?

ANS: – Simulate threats by uploading a test file with a detectable malware signature or sharing a test phishing URL. Verify that these are detected and appropriately blocked as per your policy configurations.