4.6 Ensure Safe Attachments policy is enabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Enabling the Safe Attachments policy extends malware protections to include routing all messages and attachments without a known malware signature to a special hypervisor environment. In that environment, a behavior analysis is performed using a variety of machine learning and analysis techniques to detect malicious intent.


This policy increases the likelihood of identifying and stopping previously unknown malware.


Delivery of email with attachments may be delayed while scanning is occurring.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


To enable the Safe Attachments policy, use the Microsoft 365 Admin Center:

1. Click Security to open the Microsoft 365 Defender portal.
2. Navigate to Policies & rules > Threat policies.
3. Under Policies select Safe Attachments.
4. Click + Create.
5. Enter Policy Name and Description.
6. Select Block, Monitor, Replace or Dynamic Delivery.
7. Select Save.
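
Because Nessus does not perform this check, the result can be verified by hand from Exchange Online PowerShell. The following is an added example, not part of the benchmark or the audit file; it assumes the ExchangeOnlineManagement module and an already connected session, and the function name Test-SafeAttachmentsEnabled is hypothetical. It goes slightly beyond the steps above by also reporting whether a rule references each policy.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed and
# Connect-ExchangeOnline has already been run with a suitably privileged account.
function Test-SafeAttachmentsEnabled {
    [CmdletBinding()]
    param()

    $policies = @(Get-SafeAttachmentPolicy)
    $rules    = @(Get-SafeAttachmentRule)

    $report = foreach ($p in $policies) {
        # A custom policy is applied to recipients through a rule that names it.
        $rule = $rules |
            Where-Object { $_.SafeAttachmentPolicy -eq $p.Name } |
            Select-Object -First 1

        [pscustomobject]@{
            Policy    = $p.Name
            Enabled   = [bool]$p.Enable
            # 'Allow' is the PowerShell value behind "Monitor" in the portal.
            Action    = $p.Action
            RuleState = if ($rule) { $rule.State } else { 'NoRule' }
        }
    }

    # The control passes when at least one Safe Attachments policy is enabled.
    $enabled = @($report | Where-Object { $_.Enabled })

    [pscustomobject]@{
        Compliant = ($enabled.Count -gt 0)
        Policies  = $report
    }
}

$result = Test-SafeAttachmentsEnabled
$result.Policies | Format-Table -AutoSize
if (-not $result.Compliant) {
    Write-Warning 'No enabled Safe Attachments policy found.'
}
```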

Default Value:
