Join Pete Zerger for an in-depth discussion in this video, Configuring Exchange ATP policies, part of Microsoft Cybersecurity Stack: Advanced Identity and Endpoint Protection.
- [Man] With Safe Attachment and Exchange Online Advanced Threat Protection, we can prevent malicious attachments from impacting your messaging environment even if their signatures are not known. You can set up an Exchange ATP safe attachments policy using either the Office 365 Security and Compliance Center or the Exchange admin center. So we'll start by logging in to the Office 365 portal, portal.office.com. See, I get the kinetECO branded sign-in page.
And once I'm logged in, we'll have a look at the Office 365 admin center. Under Admin centers I'll select Exchange. And then advanced threats from the menu at the left. And now I'm directly in the spot for safe attachments and safe links policies. Now all suspicious content goes through a real-time behavioral malware analysis that uses machine learning techniques to evaluate the content for suspicious activity.
Unsafe attachments are examined and executed in a sandbox, a detonation chamber, before being sent to recipients. The advantage is a malware-free, clean inbox with better zero-day attack protection. A quick note on prerequisites: you do want to make sure you're a member of either the Hygiene Management or Organization Management role group so you have the necessary permissions to set up an ATP safe attachments or safe links policy. So I'll click the plus sign to create a new policy.
And I'll call this policy No delays. So my intent is to send the messages immediately to the user with a note for any attachments that are still undergoing the scanning process. And as I go down the new safe attachments policy page, I'll select the radio button for dynamic delivery, which will deliver that message without attachments immediately and reattach once the scan is complete. I'm going to also enable redirection of blocked, monitored, or replaced attachments to an administrator.
And I'll put my administrator address here. This could be a mail-enabled group, if you wish. And now I'll apply some rules. So I'm going to apply this to a recipient domain. There's my kinetecoenergy.com. I'll add. And so now this policy will apply directly to that domain. You'll notice here that dynamic email delivery only applies to Office 365 hosted mailboxes, which is fine in our case as we're entirely cloud hosted.
So after that policy is created, it will take a few minutes to set up your first policy and then around 30 minutes more for that policy to replicate to all of Microsoft's Office 365 data centers. And our policy is now complete. So let's switch gears and have a look at advanced threat protection safe links policies. So I'll click the safe links tab at the top of my page. The safe links option can help us protect our organization from malicious hyperlinks used in phishing and other attacks delivered via email.
If you're an Office 365 enterprise global or security administrator, you can set up ATP safe links policies to ensure that when people click hyperlinks your organization is protected. You can set up safe links policies for hyperlinks in emails as well as Office documents. So by default, you'll notice that we have an advanced threat protection policy for our safe links here. And we cannot delete that default policy; however, we can edit that policy by clicking the little pencil icon there for edit.
You'll see here we have an option where we can add URLs that are known, malicious URLs. So as with safe attachments, safe links is going to apply that machine-learning-driven smart scanning process, but we can add some known malicious destinations here. So I'll leave that blank for now, but I want to draw your attention to the bottom of this window here where we can specify that safe links should be used in Office 2016 on Windows.
Now over at the right-hand side of your screen, you'll notice that today it mentions that safe links will be used on Office 2016 desktop versions and that it's not currently supported on mobile or Mac platforms. We know that that may change in the future, so keep an eye out when you check the box for Office 2016, just to notice the versions that are not supported for setting expectations with users and for security team awareness. And I will save.
As with my safe attachments policy, that will take just a few minutes to replicate to all of Microsoft's data centers. And my safe links policy is now in place. And that's safe attachments and safe links in Exchange Online Advanced Threat Protection.
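
The Safe Attachments steps from the transcript, scripted in Exchange Online PowerShell so the policy can be created repeatably and audited afterwards. This is an added example, not part of the video or the course material. It assumes the ExchangeOnlineManagement module is installed and that the signed-in account holds one of the role groups named in the transcript; the administrator address is a placeholder, while the policy name and recipient domain are the ones used in the walkthrough.

```powershell
# Added example (not from the video): scripted form of the "No delays" policy.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline            # interactive sign-in; account needs Hygiene Management
                                  # or Organization Management membership

$policyName = 'No delays'              # policy name from the walkthrough
$domain     = 'kinetecoenergy.com'     # recipient domain from the walkthrough
$adminAddr  = 'secadmin@example.com'   # PLACEHOLDER: mailbox or mail-enabled group

# Create the policy only if it is not already present, so the script can be re-run.
if (-not (Get-SafeAttachmentPolicy | Where-Object Name -eq $policyName)) {
    New-SafeAttachmentPolicy -Name $policyName `
        -Enable $true `
        -Action DynamicDelivery `
        -Redirect $true `
        -RedirectAddress $adminAddr
}

# The policy does nothing until a rule scopes it to recipients.
if (-not (Get-SafeAttachmentRule | Where-Object Name -eq $policyName)) {
    New-SafeAttachmentRule -Name $policyName `
        -SafeAttachmentPolicy $policyName `
        -RecipientDomainIs $domain
}

# Verify what was actually stored for this policy and its rule.
Get-SafeAttachmentPolicy | Where-Object Name -eq $policyName |
    Format-List Name, Enable, Action, Redirect, RedirectAddress
Get-SafeAttachmentRule | Where-Object Name -eq $policyName |
    Format-List Name, State, Priority, SafeAttachmentPolicy, RecipientDomainIs

# Audit: list any policy that is disabled or set to Allow, since those
# deliver attachments without a blocking verdict.
Get-SafeAttachmentPolicy |
    Where-Object { -not $_.Enable -or $_.Action -eq 'Allow' } |
    Select-Object Name, Enable, Action

Disconnect-ExchangeOnline -Confirm:$false
```

As the transcript notes, dynamic delivery applies only to Office 365 hosted mailboxes, and a new policy takes time to replicate, so run the verification step again after that window before relying on it.
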
- Configuring virtual-based security
- Securing email
- Implementing post-breach defense
- Protecting the cloud with Azure AD
- Using Windows Defender ATP
- Managing privileged access in Azure