Elevate Security: Implementing Safe Attachments & Links in Microsoft Collaboration Tools

In today’s dynamic business environment, securing your organization against cyber threats is a top priority. Microsoft’s Extended Detection and Response (XDR) platform offers powerful tools like Safe Attachment and Safe Link policies that help protect your SharePoint, OneDrive, and Teams environments. This blog provides a step-by-step guide to implementing these policies using a business case scenario.

Business Case Scenario

Company: Contoso Ltd.
Industry: Financial Services
Challenge: Contoso’s employees often collaborate with external vendors through SharePoint, OneDrive, and Microsoft Teams. They face risks from malicious files and phishing links shared during these interactions. The IT team wants to implement proactive measures to secure the organization without disrupting workflows.

Step-by-Step Implementation

Step 1: Plan Your Security Strategy

1. Identify the scope: Focus on SharePoint, OneDrive, and Teams.
2. Understand policies: Safe Attachments scans attachments for malware, while Safe Links rewrites URLs to check for malicious destinations when clicked.
3. Prepare prerequisites:
   • Microsoft Defender for Office 365 Plan 2 license.
   • Global admin or Security admin role in Microsoft 365.

Step 2: Access the Microsoft 365 Defender Portal

1. Go to Microsoft 365 Defender.
2. Log in with your admin credentials.

Step 3: Configure Safe Attachments Policy
3.1 Create the Policy

1. In the Defender portal, navigate to Threat Management > Policy > Safe Attachments.
2. Click + Create to create a new policy.

3.2 Define Policy Scope

1. Name: “Safe Attachments for Collaboration.”
2. Mode: Select “Dynamic Delivery” to allow users to preview the email while attachments are scanned.
3. Apply To:
   • SharePoint and OneDrive: Protect uploaded and shared files.
   • Microsoft Teams: Protect files shared in chats and channels.

3.3 Set Actions

1. Configure actions for detected threats:
   • Block the file.
   • Notify the admin and affected users.
2. Save and activate the policy.

Step 4: Configure Safe Links Policy
4.1 Create the Policy

1. In the Defender portal, go to Threat Management > Policy > Safe Links.
2. Click + Create to create a new policy.

4.2 Define Policy Scope

1. Name: “Safe Links for Collaboration.”
2. Users: Apply to all users or specific groups interacting with external collaborators.
3. Services: Enable for SharePoint, OneDrive, and Teams.

4.3 Configure URL Actions

1. Enable “Do not allow users to click through to the original URL.”
2. Turn on URL tracing to collect analytics for clicked links.

4.4 Set Notifications

1. Notify users when a malicious link is detected and blocked.
2. Save and activate the policy.

Step 5: Test the Policies

1. Simulate Threats:
   • Upload a test file with a harmless but detectable malware signature to OneDrive.
   • Share a test phishing URL through Teams.
2. Verify Actions:
   • Ensure the test file is blocked and notifications are triggered.
   • Confirm the URL is rewritten and blocked upon clicking.

Step 6: Monitor and Fine-tune

1. Use Reports:
   • Go to Threat Management > Reports to view detections.
   • Analyze blocked files and malicious links.
2. Adjust Policies: Modify settings based on observed behaviour to reduce false positives.

Step 7: Educate Employees

1. Conduct awareness sessions about security measures.
2. Share best practices for handling external files and links.

Conclusion

By implementing Safe Attachment and Safe Link policies through Microsoft XDR, Contoso Ltd. secures its collaborative platforms without hindering productivity. Proactive monitoring and employee education further enhance the security posture, protecting the organization from evolving cyber threats. Deploy above mentioned steps in your organization to fortify defences against malicious content and ensure seamless collaboration.

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, AWS GenAI Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner,  AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, Amazon ECS Service Delivery Partner, AWS Glue Service Delivery Partner, Amazon Redshift Service Delivery Partner, AWS Control Tower Service Delivery Partner, AWS WAF Service Delivery Partner and many more.

To get started, go through our Consultancy page and Managed Services Package, CloudThat’s offerings.