Advanced Threat Protection Part 2: Safe Attachments

Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Welcome back, Cybrarians, to the MS-365 Security Administration course. I'm your instructor, Jim Daniels.
00:07
We're on Module 3, M365 Threat Protection, Lesson 2: ATP Part 2,
00:13
Safe Attachments.
00:16
In this lesson, we're gonna learn all about safe attachments,
00:19
functionality, management,
00:21
creation of a policy, and user experience.
00:24
So an example of an unsafe attachment
00:28
is right there. First day of school. See the kids just clean on everything.
00:32
Unsafe attachment.
00:35
You want a few episodes you want a few lessons without a dad joke
00:39
had to be true to myself. I had to throw one in there
00:43
so there goes dirtiest. There's a dad joke.
00:47
I thought it was clever. However, your mileage will vary.
00:51
Safe attachments
00:52
is a feature in O365 ATP that checks if email attachments are malicious
00:58
and takes the appropriate action to protect your environment.
01:02
Safe attachments can also be extended to files in SharePoint Online, OneDrive for Business and Teams.
01:07
Safe attachment policies are set by global or security administrators
01:14
Because Microsoft loves PowerShell, and you should too as an administrator,
01:19
some of the verbs with safe attachment policies and rules are as follows.
01:26
We have get, which is similar across the whole board. Safe attachment policy: get, set, new, remove.
01:34
Same thing, get, set, new, remove, for safe attachment rules. We have rules and policies.
01:40
A big tip I always have for any Microsoft exam
01:42
when it comes to PowerShell: you don't memorize 1,000 commands,
01:48
but you need to be familiar
01:49
with common verbs
01:52
and their command structure.
01:53
Safe attachment policy. Safe attachment rule.
01:57
Know those two,
01:59
along with the common verbs: get, set, new, remove.
02:06
So let's look at creating a safe attachment policy.
02:09
Permissions that you need to create a safe attachment policy:
02:14
you need Exchange Online admin,
02:15
security admin or global admin.
02:19
Wait, I just said in a different screen, safe attachment policies are set by global or security administrators.
02:25
Yes, that's correct,
02:27
however,
02:28
as of this time, an Exchange Online admin can still create a safe attachment policy
02:34
because they are also
02:36
available within the Exchange Online Admin center.
02:39
This is being phased out as it is being moved to the Security and Compliance Center.
02:46
Setup location: we just talked about the Security and Compliance Center. That's where all of this is moving to, as far as your ATP and your policies.
02:53
Exchange admin center:
02:54
it's still there for now,
02:57
in PowerShell.
02:59
In this example, we go to new safe attachment policy. We could give it a name.
03:04
We also have
03:05
the unknown malware response. So we have a few things that we can do to it.
03:09
We can do Off, which is not gonna scan;
03:13
Monitor, which means it reports, but it doesn't do anything;
03:15
Block:
03:16
it blocks the current and future emails with that detected malware. Or Replace.
03:23
Replace is where it delivers the message but strips out the attachment
03:29
or dynamic delivery
03:30
Dynamic Delivery is where it
03:31
holds the attachment for scan
03:35
and then, but it delivers the body first,
03:38
so your user will get an email that says, hey,
03:42
here's the content
03:43
and the attachment is still being scanned. Once the attachment is done scanning, they'll receive the attachment.
03:49
Generally,
03:51
I don't recommend dynamic delivery
03:53
unless there's a good reason for it. Maybe you're a stock trader or something like that, a hospital service.
03:59
For our users, Dynamic Delivery caused more confusion and support calls than it was worth,
04:04
so we do Replace.
04:08
They actually get the body of the email
04:10
and instead of the malicious attachment, they get a text message that says, hey, this attachment was deemed unsafe and has been replaced.
04:17
You can even do Enable Redirect,
04:20
so you can send that blocked, monitored or replaced attachment to an additional
04:26
address.
04:28
You have the ability to apply this policy
04:30
to certain recipients,
04:33
certain domains
04:34
or recipients of certain groups.
04:38
So if you have a policy for the HR department
04:42
and where it's applied to, you go to "Recipient is a member of",
04:45
and hopefully you have a dynamic-membership-based HR group.
04:49
That way, if there's a new HR employee next week, as soon as they're dynamically put in that group, they'll automatically be assigned the policy, because the policy is based on department.
05:00
If you have multiple domains that your users send emails from and you want to differentiate between the policies for those domains,
05:08
you can do it off of the recipient domain.
05:11
To modify an existing safe attachment policy,
05:15
we open up the policy,
05:16
and we can go to settings or we go to apply, and we can change it there.
05:20
Let's say you want to designate senders, domains or trusted sources to send an attachment without it being scanned.
05:28
Maybe you have an on-prem relay, you have a certain scanner, you have a high-priority application. Whatever it may be, you can do that. This is how you actually do that.
05:39
You're going to the Exchange
05:41
Online admin center, go to the mail flow rules and create a new rule.
05:46
You want to have it configured to where it goes off the header. So you're gonna add
05:54
this header value
05:56
to the message.
05:58
That way, when it goes
06:00
out and gets delivered,
06:01
the header message is to say, hey,
06:04
skip safe attachment processing, this is good, this is trusted,
06:10
so there won't be any delay in delivering those messages because they are from a
06:15
trusted,
06:15
reputable source within your organization.
06:19
You can also do this
06:20
for outside the organization. Say a sender is located
06:26
on this domain
06:28
again. It's not necessarily recommended.
06:30
It's on a case by case scenario.
06:32
However, the option is there if you have some reason to implement it that way.
06:38
So these policies are great, mail flow rules are great, but how does it affect your users?
06:43
Here's a couple of screenshots.
06:45
The left is OWA,
06:47
the right is desktop Outlook.
06:50
So
06:51
on the left, it's my tried to do a JavaScript attachment.
06:56
It was deemed unsafe.
06:58
So it says Haiti attachments blocked.
07:01
This is just the Block option. It's not the Replace.
07:04
On the right, this is Dynamic.
07:06
This is where it says, hey,
07:09
ATP scan is in process.
07:12
But here's your message. You still get your message, but there's an attachment that you can see clearly is being scanned. It will be delivered after a scan
07:20
Quiz:
07:21
which of the following is not a PowerShell command to help manage safe attachments?
07:29
within the
07:30
the recommendation, especially in exams, when it comes to Microsoft and PowerShell: be familiar
07:36
with the verbs,
07:38
what verbs do and don't exist,
07:41
as well as
07:42
the command structure: safe attachment policy,
07:45
safe attachment rule.
07:46
Both of those are valid and they exist.
07:50
So for this question, look at the verbs: set, new, get, delete.
07:56
Which one of those does not belong
07:59
in PowerShell?
08:01
was one.
08:03
If you said delete, you're correct.
08:07
Delete-
08:07
is not a command.
08:09
Remove-, yes, that's a command.
08:13
Again, remove, delete:
08:13
same thing. However, with PowerShell,
08:16
know your verbs.
08:18
Before you take any Microsoft exam, know your verbs,
08:22
their command structure, what they're called.
08:26
Sincerely, that's the best tip I can give you for any Microsoft exam that has PowerShell questions.
08:33
Don't devote half of your study time to memorizing PowerShell commands.
08:39
To recap the lesson: Safe Attachments is a feature within O365 ATP that checks if email attachments are malicious and takes action to protect your environment.
08:50
Safe attachments can also be extended into SharePoint Online, OneDrive for Business and Teams.
08:56
Exchange transport rules can be created to bypass the scans from certain locations, domains or senders.
09:05
Thank you for joining me and learning about safe attachments. Hope to see you for the next lesson. Take care.