Microsoft has rolled out its new Safe Documents feature for the Microsoft 365 productivity suite. This builds upon the existing Protected View feature, which helps protect organisations from malicious documents sent from untrusted sources by opening them in a sandbox environment with limited editing features.
Users were previously able to exit Protected View relatively easy, causing some to abandon the sandbox protection a little too quickly. With the new feature enabled by an administrator, users will first need to wait for the file to be uploaded to Microsoft Defender Advanced Threat Protection (ATP) to be checked for known threats. Once a document has been validated as safe, users are given the opportunity to enable all editing features. Should a threat be detected, however, users will be blocked from leaving Protected View for that document, although they can continue to view it.
Through the Admin Portal, administrators can customise the policy for when users can still enable editing features. Administrators can also use the Advanced Hunting to get useful analytics for detected document attacks against their tenants.
In an announcement on the Microsoft 365 blog, the company said:
“Although Protected View helps secure documents originating outside the organization, people too often exit the protection sandbox without considering if the document is safe—leaving their organizations vulnerable. To improve this trust promotion experience for Microsoft 365 Apps, Safe Documents takes away the guesswork by automatically verifying the document against the latest known risks and threat profiles before allowing users to leave the Protected View container.”
The announcement adds later:
“When an admin enables Safe Documents for their tenant, untrusted files that open in Protected View go through an additional flow where the document is uploaded and scanned by Microsoft Defender ATP.”
The new feature is disabled by default, so to benefit from this added protection, administrators will need to navigate to the “Threat Management” section of the Security & Compliance centre. Under “Policy” and “ATP Safe Attachments”, there is an option to enable Safe Documents, as well as a further option to allow tenants to edit documents even if a threat is detected.
By adding this new feature to the Microsoft 365 productivity suite, Microsoft will surely prevent a number of cyberattacks from succeeding by not allowing end users to open unsafe documents. However, while any security improvement is welcome, this should not lead to a false sense of security. Microsoft uses advanced technology to quickly react to threats, but it may still be possible for an unknown threat to get through undetected. This means that training staff to detect potential cyberattacks is still the only universally effective way to counter them.
Nevertheless, the new feature again shows the advantage of adopting Microsoft Office as a service rather than as a one-off purchase. At Pro-Networks, we can help you to migrate over to Microsoft 365 as part of our office IT support, or if needed, we can train your staff to use it effectively and safely.