Microsoft this week announced that Safe Documents, a feature meant to boost the protection of Microsoft 365 users when opening unsafe documents, is generally available.
Initially introduced in November, Safe Documents brings Office ATP capabilities to the desktop and provides users with increased protection compared to Protected View, which was first announced in Office 2010.
With Safe Documents now generally available for Microsoft 365 E5 and Microsoft 365 E5 Security licenses for Commercial and Education customers on Windows clients, untrusted files are verified to ensure that no harm would come to a user’s machine when exiting Protected View.
Users often exit the protection sandbox that Protected View delivers without considering whether the document originating from outside the organization is safe or not, thus exposing enterprises to potential attacks.
Safe Documents, which takes advantage of Microsoft Intelligent Security Graph, automatically verifies the document to determine if it poses a security risk before allowing the user to leave Protected View (the document is uploaded and scanned by Microsoft Defender Advanced Threat Protection).
During the scan, users are not allowed to exit the Protected View container, although they can access and read the document. Editing is not available either. After a successful scan, users will be able to leave the Protected View container.
If the file is considered malicious, users won’t be able to leave the Protected View container. However, admins will have the option to allow users to bypass the protection and ‘Enable Editing’ for malicious scenarios, from the Admin portal.
Microsoft also announced the integration of Microsoft Defender ATP features such as Advanced Hunting, which allows admins to get additional details in their tenants with the DeviceEvents table, and filtering for ActionType ‘SafeDocFileScan’.
Safe Documents is off by default, but Security Administrators can enable it by going to the Security & Compliance center and selecting Threat Management > Policy > ATP Safe Attachments. There, they will find the settings to ‘Turn on Safe Documents for Office clients’, as well as the option to allow users to bypass protections for malicious files.
Related: Microsoft Brings Safe Documents, Application Guard to More 365 ProPlus Users
Related: Microsoft Announces New Security Capabilities Across Platforms
Related: DHS Reiterates Recommendations on Securing Office 365