Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

What Are Office 365 Safe Attachments?

Office 365 Safe Attachments is a feature of Microsoft 365 Advanced Threat Protection (also known as Microsoft 365 Defender) that provides another layer of protection to incoming emails by scanning its attachments for malicious software. Phishing emails and attacks are more prevalent than ever with the FBI Internet Crime Complaint Center reporting a 100% rise in business email compromise attacks and Osterman Research reporting that 48% of organizations have suffered a phishing-related breach. 

How Do Office 365 Safe Attachments Work?

Safe Attachments by Office 365 scans and analyzes email attachments to protect users from a phishing attack or malicious software being downloaded. The email attachments are taken to a virtual environment where it undergoes behavioral analysis to determine any malicious code or content present. If the attachment is deemed malicious, it will be removed from the email and just the body of the email will be delivered. The recipient will then be notified of the removed attachment. 

Safe Attachments is also known as cloud sandbox which is used to execute a file and monitor its behaviors for malicious indicators. The goal is to find malware threats that evade detection by the anti-malware engines in Exchange Online Protection (EOP). If you’re curious about the technical ins and outs of sandbox analysis, you can look at a sample report from Cyren’s cloud sandbox array.

Do Safe Attachments Work When I Use Sharepoint, OneDrive, Teams, or Other Office 365 Applications?

Along with your Microsoft email, Safe Attachments will scan files for malicious activity in Sharepoint, OneDrive, and Teams. However, Safe Attachments for these programs are not automatically enabled – you will need to be a member of the Organization or Security Administrator role groups and turn on Safe Attachments within the Microsoft 365 Defender portal. 

How Do I Know I Am Protected by Safe Attachments?

Safe Attachments will scan any email attachments sent to your inbox to determine if the attachment contains malicious software. If nothing is found, the attachment will be sent as normal. However, if malicious software is detected, the attachment will be removed and the user will receive an email containing a notice that the attachment was deleted.

Do Safe Links and Safe Attachments Impact My Email or Office 365?

Typically, Safe Links and Safe Attachments will not impact a user’s email or Office 365. The goal of these tools is to look for and protect users from phishing links and websites that are known to contain malicious software and prevent users from clicking on unsafe email attachments. They do not monitor the websites you visit, and if nothing malicious is found, your web and email experience will remain the same. 


Osterman whitepaper

Spend less time investigating suspicious messages and remediating threats.

Download the Report


What are the Pros and Cons of Microsoft 365 Advanced Threat Protection?

There are a number of pros to using Microsoft 365 Advanced Threat Protection (ATP) including:

  • Adding another layer of protection for your emails
  • Can easily be integrated into your Microsoft 365 email
  • Features malware protection and anti-phishing solution
  • Notifications for malicious software detection

However, there are also some cons, including:

  • ATP often requires a separate license
  • Can detect spam and malware but fails to effectively detect targeted phishing and BEC attacks. 
  • Minimal user engagement 
  • Microsoft is unable to rewrite or replace URLs that are not Office documents such as PDFs.

How To Get Started with O365 Safe Attachments

In order to get started with Safe Attachments, you’ll need to have Microsoft 365 Advanced Threat Protection  (ATP) Plan – 1 or 2. Current Microsoft 365 subscriptions that include ATP are:

  • Microsoft Business Premium
  • Office 365 E5
  • Microsoft 365 Enterprise E5
  • Microsoft 365 Education A5

Final Thoughts

While Office 365 Safe Attachments adds another beneficial layer of protection to emails, it’s not enough to fully secure Microsoft Office 365. In order to fully protect yourself or your organization from attackers, you’ll need an automated remediation tool that identifies, protects, and mitigates your email on an ongoing basis. Discover how you can do so with Cyren’s  Inbox Security for Microsoft 365

Ready to learn more about how an anti-phishing solution can protect your business? Get a demo with the Cyren team today.


Osterman whitepaper

Discover phishing, BEC, and ransomware threats for Microsoft 365 users.

Download the Report

Apr 25, 2022 | Office 365

You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...