Microsoft announced yesterday (June 22) that Safe Documents, which was announced in a private preview in February, is now available for select corporate and educational users of Office 365
This new feature alerts users to security threats in documents they download The feature is intended to "keep corporate users safe by validating untrusted files on their behalf"
The Safe Documents feature analyzes files for security risks and does not allow users to exit Protected View until the analysis is complete
Microsoft's Kenny See blogged: "Protected View helps protect documents originating outside the organization, but too often people exit the Protected Sandbox without considering whether the documents are secure [To improve this trust-promoting experience for Microsoft 365 apps, Safe Documents takes the guesswork out of it by automatically validating documents against the latest known risk and threat profiles before allowing users to leave the protection view container Safe Documents eliminates guesswork by automatically validating documents against the latest known risks and threat profiles before allowing users to leave the protection view container [Safe Documents is powered by Microsoft Defender Advanced Threat Protection, which ensures that files are not compromised and pose no risk to users [Safe Documents leverages the power of Microsoft Intelligent Security Graph and brings it to the desktop [When an administrator enables Safe Documents for a tenant, untrusted files opened in Protected View pass through an additional flow where the document is uploaded and scanned by Microsoft Defender ATP
Microsoft Defender ATP is the enterprise version of Windows Defender antivirus software available on consumer Windows systems Safe Documents is not turned on by default and must be enabled by the administrator
Microsoft has confirmed that once a scan is performed, users can view but not edit documents until the scan is finished
If a malicious file is detected, Microsoft said the user is "blocked from leaving the protected view container"
The company explained: administrators can configure in the Admin Portal whether users can bypass malicious scenarios and "enable editing"
Users will also be able to use the Advanced Hunting feature from Microsoft Defender Advanced Threat Protection
Microsoft states that users can "use the DeviceEvents table and filter for ActionType 'SafeDocFileScan' to get additional details in the tenant"
To configure this feature, security administrators go to Security & Compliance Center > Threat Management > Policy > ATP Safe Attachments Here, there is an option to "Turn on Safe Documents for Office Clients"
This feature should significantly reduce the number of successful malware attacks against Office 365 customers Malware often enters computers via Word or Excel attachments to emails
Protected view has long been intended to combat that, but clearly, many people find protected view annoying and end up not considering the potential impact Microsoft is, in effect, giving you greater protection by removing some of your power to make mistakes
Comments