Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back submarines to the M s. 3 65 Security Administration course. I'm your starter. Jim Daniels.
00:07
We're on module three in mystery 65. Threat Protection Lesson to a TV part two
00:13
Safe attachments.
00:16
In this lesson, we're gonna learn all about safe attachments,
00:19
functionality, man, asthma,
00:21
creation, about policy and user experience.
00:24
So an example of a unsafe attachment
00:28
is right there. First day of school. See the kids just clean on everything.
00:32
Unsafe attacks.
00:35
You want a few episodes you want a few lessons without a dad joke
00:39
had to be true to myself. I had to throw one in there
00:43
so there goes dirtiest. There's a dad joke.
00:47
I thought it was clever. However, your mouths will vary.
00:51
Safe attachments
00:52
is a feature in 03 65. 80 p that shanks have email attachments or malicious
00:58
and takes the appropriate action to protect your environment.
01:02
Safe attachments can also be extended to finals and SharePoint along one draw for business and teams.
01:07
Safe attachment policies are set by global or security administrators
01:14
because Microsoft, all those power show and you should to his administrator
01:19
some of the verbs with safe attachment policies and rules or as follows
01:26
we have get, which is similar across the whole board. Safe attachment policy. Get set new remove.
01:34
Same thing gets that new removed for safe attachment rules. We have rules and policies.
01:40
A big tip. Always have any Microsoft exam
01:42
when it comes to power. Show you don't memorize 1000 commands,
01:48
but you need to be familiar
01:49
with common verbs
01:52
and their command structure.
01:53
Safe attachment policy. Safe attachment. Role.
01:57
No. Those two,
01:59
along with the common verbs, get set new removed.
02:06
So let's look at creating a safe attacks from policy
02:09
permissions that you need to create a safe. Its national policy.
02:14
You didn't extend salon idea,
02:15
security admin or global admin.
02:19
Wait, I just said in a different screen, safe attachment policies are set by global or security administrators.
02:25
Yes, that's correct,
02:27
however,
02:28
and as of this time and exchange online and can still create a safe attachment policy
02:34
because they are also
02:36
available within the Exchange Online Admin center.
02:39
This is being phased out as it is being moved to the Security and Compliance Center.
02:46
Set up location. We just talked about a security compliance center. That's where all of this is moving to this for is your 80 p and your policies
02:53
exchange an incident.
02:54
It's still there for now
02:57
in our show.
02:59
In this example, we go to new safe attachment policy. We could give it a name.
03:04
We also have
03:05
the unknown our response. So we have a few things that we can do to it.
03:09
We can do off, which is not gonna scan
03:13
monitor, which means it reports, but it doesn't do anything.
03:15
Block
03:16
It blocks the current and future emails with that detective. Malware or replace.
03:23
Replace is where it delivers the message but strips out the attachment
03:29
or dynamic delivery
03:30
hamming deliveries where it
03:31
holds the attachment for scan
03:35
and then But it delivers the body first
03:38
so your user will get an email that says, Hey,
03:42
here's the content
03:43
and attachment Still being scanned wants the attachment is done Scanning. They'll receive the attachment.
03:49
Generally,
03:51
I don't recommend dynamic delivery
03:53
unless there's a good reason for maybe you're a stock trader or something like that. A hospital service
03:59
for our users down hamming delivery cause more confusion and support calls that was worth
04:04
eso. We do replace
04:08
actually get body of the email
04:10
and serve the malicious attachment. They get a text message that says, Hey, this attachment was deemed unsafe and has been replaced.
04:17
You can even do enable redirect
04:20
so you can sin that Blocked, Monitored will replace attachment to an additional
04:26
Andress.
04:28
You have the ability to apply this policy
04:30
to certain recipients,
04:33
certain domains
04:34
or recipients of certain groups.
04:38
So if you have a policy for the HR department
04:42
and were supplied to you, go to Recipient is a member off,
04:45
and hopefully you have a dynamic, membership based HR group.
04:49
That way, if there's a new HR employee next week, the stores have dynamically you put in that group that automatically be assigned the policy because of policies. Baseball department.
05:00
If you have multiple domains that your users send email strong and you won't differentiate between the policies for those domains,
05:08
you can do office until the recipient domain
05:11
to modify an existing safe attachment policy.
05:15
We opened up the policy,
05:16
and we can go to settings or we go to apply, and we can change it there.
05:20
Let's say you want to designate senders, domains or trusted sources to send an attachment without it being scanned.
05:28
Maybe you have a one prim relaying. You have a certain scanner, you have a high priority application. Whatever the Mindy, you can do that. This is how you actually do that.
05:39
You're going to exchange
05:41
on admin Center, go to the Mel fellow rules and create a new rule.
05:46
You want to have it configured to where it goes off the header. So you're gonna add
05:54
this header value
05:56
to the message.
05:58
That way, when it goes
06:00
out and gets delivered,
06:01
the header messages to say, Hey,
06:04
skin safe attachment Processing is good is trusted
06:10
so there won't be any delay in delivering those messages because they are for May
06:15
trusted
06:15
a reputable source within your organization.
06:19
You can also do this
06:20
for outside the organization. Say a center is located
06:26
on this domain
06:28
again. It's not necessarily recommended.
06:30
It's on a case by case scenario.
06:32
However, the option is there if you have some reason to implement it that way.
06:38
So these policies were great. Mel flow rules are great, but how does it affect your users?
06:43
Is a couple screenshots?
06:45
The left is what now
06:47
the right is desktop outlook.
06:50
So
06:51
on the left, it's my tried to do a JavaScript attachment.
06:56
It was deemed unsafe.
06:58
So it says Haiti attachments blocked.
07:01
This is just the block option. It's not the replace
07:04
on the right. This is dynamic.
07:06
This is where says, Hey,
07:09
80 p scan is in process.
07:12
But here's your message. You still get your message, but there's an attachment that you can see clearly is being scanned. It will be delivered after a scan
07:20
quiz,
07:21
which is the phone is not a power shell command to help manage safe attachments
07:29
within the
07:30
the recommendation special in exams. When it comes Mark herself in Power Shuttle. Be familiar
07:36
with the verbs,
07:38
while barbs doing don't exist
07:41
as well as
07:42
the command structure, safe attachment policy,
07:45
safe attachment room
07:46
buzz of those are valid and they exist.
07:50
So for this question, look at the verbs set new get delete
07:56
Which one of those does not belong
07:59
in our show
08:01
was one.
08:03
If you said delete, you're correct.
08:07
Delete. Dash
08:07
in the heart of man.
08:09
Remove dash. Yes, that's a command
08:13
again. Remove delete.
08:13
Same thing, however, with power show
08:16
No your votes
08:18
before you take any Microsoft exam. No, your verbs.
08:22
There you can me in structure what they're called
08:26
sincerely. That's the best tip I can give you for any Microsoft examined as power shell questions.
08:33
Don't devote half of your study time to memorizing power shell commands
08:39
To recap The lesson. Safe attachments is a feature within 03 65 80 p that checks if email attachments or malicious and takes action to protect your environment.
08:50
Safe attachments can also be extended into SharePoint alone. One. Drop for business and teams
08:56
exchange transport rules can be created to bypass the scans from certain locations. Domains. Rece enders
09:05
Thank you for joining me and learning about safe attachments. Hope to see you for the next lesson. Take care.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Instructor Profile Image
Jim Daniels
IT Architect
Instructor