Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Safe Documents Feature in Microsoft 365 Apps Now Generally Available

Microsoft this week announced that Safe Documents, a feature meant to boost the protection of Microsoft 365 users when opening unsafe documents, is generally available.

Microsoft this week announced that Safe Documents, a feature meant to boost the protection of Microsoft 365 users when opening unsafe documents, is generally available.

Initially introduced in November, Safe Documents brings Office ATP capabilities to the desktop and provides users with increased protection compared to Protected View, which was first announced in Office 2010.

With Safe Documents now generally available for Microsoft 365 E5 and Microsoft 365 E5 Security licenses for Commercial and Education customers on Windows clients, untrusted files are verified to ensure that no harm would come to a user’s machine when exiting Protected View.

Users often exit the protection sandbox that Protected View delivers without considering whether the document originating from outside the organization is safe or not, thus exposing enterprises to potential attacks.

Safe Documents, which takes advantage of Microsoft Intelligent Security Graph, automatically verifies the document to determine if it poses a security risk before allowing the user to leave Protected View (the document is uploaded and scanned by Microsoft Defender Advanced Threat Protection).

During the scan, users are not allowed to exit the Protected View container, although they can access and read the document. Editing is not available either. After a successful scan, users will be able to leave the Protected View container.

If the file is considered malicious, users won’t be able to leave the Protected View container. However, admins will have the option to allow users to bypass the protection and ‘Enable Editing’ for malicious scenarios, from the Admin portal.

Microsoft also announced the integration of Microsoft Defender ATP features such as Advanced Hunting, which allows admins to get additional details in their tenants with the DeviceEvents table, and filtering for ActionType ‘SafeDocFileScan’.

Safe Documents is off by default, but Security Administrators can enable it by going to the Security & Compliance center and selecting Threat Management > Policy > ATP Safe Attachments. There, they will find the settings to ‘Turn on Safe Documents for Office clients’, as well as the option to allow users to bypass protections for malicious files.

Related: Microsoft Brings Safe Documents, Application Guard to More 365 ProPlus Users

Related: Microsoft Announces New Security Capabilities Across Platforms

Related: DHS Reiterates Recommendations on Securing Office 365

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Cybercrime

Security researchers with Juniper Networks’ Threat Labs warn of a new Python-based backdoor targeting VMware ESXi virtualization servers.