Welcome back submarines to the M s. 3 65 Security Administration course. I'm your starter. Jim Daniels.
We're on module three in mystery 65. Threat Protection Lesson to a TV part two
In this lesson, we're gonna learn all about safe attachments,
functionality, man, asthma,
creation, about policy and user experience.
So an example of a unsafe attachment
is right there. First day of school. See the kids just clean on everything.
You want a few episodes you want a few lessons without a dad joke
had to be true to myself. I had to throw one in there
so there goes dirtiest. There's a dad joke.
I thought it was clever. However, your mouths will vary.
is a feature in 03 65. 80 p that shanks have email attachments or malicious
and takes the appropriate action to protect your environment.
Safe attachments can also be extended to finals and SharePoint along one draw for business and teams.
Safe attachment policies are set by global or security administrators
because Microsoft, all those power show and you should to his administrator
some of the verbs with safe attachment policies and rules or as follows
we have get, which is similar across the whole board. Safe attachment policy. Get set new remove.
Same thing gets that new removed for safe attachment rules. We have rules and policies.
A big tip. Always have any Microsoft exam
when it comes to power. Show you don't memorize 1000 commands,
but you need to be familiar
and their command structure.
Safe attachment policy. Safe attachment. Role.
along with the common verbs, get set new removed.
So let's look at creating a safe attacks from policy
permissions that you need to create a safe. Its national policy.
You didn't extend salon idea,
security admin or global admin.
Wait, I just said in a different screen, safe attachment policies are set by global or security administrators.
Yes, that's correct,
and as of this time and exchange online and can still create a safe attachment policy
because they are also
available within the Exchange Online Admin center.
This is being phased out as it is being moved to the Security and Compliance Center.
Set up location. We just talked about a security compliance center. That's where all of this is moving to this for is your 80 p and your policies
exchange an incident.
It's still there for now
In this example, we go to new safe attachment policy. We could give it a name.
the unknown our response. So we have a few things that we can do to it.
We can do off, which is not gonna scan
monitor, which means it reports, but it doesn't do anything.
It blocks the current and future emails with that detective. Malware or replace.
Replace is where it delivers the message but strips out the attachment
hamming deliveries where it
holds the attachment for scan
and then But it delivers the body first
so your user will get an email that says, Hey,
and attachment Still being scanned wants the attachment is done Scanning. They'll receive the attachment.
I don't recommend dynamic delivery
unless there's a good reason for maybe you're a stock trader or something like that. A hospital service
for our users down hamming delivery cause more confusion and support calls that was worth
actually get body of the email
and serve the malicious attachment. They get a text message that says, Hey, this attachment was deemed unsafe and has been replaced.
You can even do enable redirect
so you can sin that Blocked, Monitored will replace attachment to an additional
You have the ability to apply this policy
to certain recipients,
or recipients of certain groups.
So if you have a policy for the HR department
and were supplied to you, go to Recipient is a member off,
and hopefully you have a dynamic, membership based HR group.
That way, if there's a new HR employee next week, the stores have dynamically you put in that group that automatically be assigned the policy because of policies. Baseball department.
If you have multiple domains that your users send email strong and you won't differentiate between the policies for those domains,
you can do office until the recipient domain
to modify an existing safe attachment policy.
We opened up the policy,
and we can go to settings or we go to apply, and we can change it there.
Let's say you want to designate senders, domains or trusted sources to send an attachment without it being scanned.
Maybe you have a one prim relaying. You have a certain scanner, you have a high priority application. Whatever the Mindy, you can do that. This is how you actually do that.
You're going to exchange
on admin Center, go to the Mel fellow rules and create a new rule.
You want to have it configured to where it goes off the header. So you're gonna add
That way, when it goes
out and gets delivered,
the header messages to say, Hey,
skin safe attachment Processing is good is trusted
so there won't be any delay in delivering those messages because they are for May
a reputable source within your organization.
You can also do this
for outside the organization. Say a center is located
again. It's not necessarily recommended.
It's on a case by case scenario.
However, the option is there if you have some reason to implement it that way.
So these policies were great. Mel flow rules are great, but how does it affect your users?
Is a couple screenshots?
The left is what now
the right is desktop outlook.
It was deemed unsafe.
So it says Haiti attachments blocked.
This is just the block option. It's not the replace
on the right. This is dynamic.
This is where says, Hey,
80 p scan is in process.
But here's your message. You still get your message, but there's an attachment that you can see clearly is being scanned. It will be delivered after a scan
which is the phone is not a power shell command to help manage safe attachments
the recommendation special in exams. When it comes Mark herself in Power Shuttle. Be familiar
while barbs doing don't exist
the command structure, safe attachment policy,
safe attachment room
buzz of those are valid and they exist.
So for this question, look at the verbs set new get delete
Which one of those does not belong
If you said delete, you're correct.
in the heart of man.
Remove dash. Yes, that's a command
again. Remove delete.
Same thing, however, with power show
before you take any Microsoft exam. No, your verbs.
There you can me in structure what they're called
sincerely. That's the best tip I can give you for any Microsoft examined as power shell questions.
Don't devote half of your study time to memorizing power shell commands
To recap The lesson. Safe attachments is a feature within 03 65 80 p that checks if email attachments or malicious and takes action to protect your environment.
Safe attachments can also be extended into SharePoint alone. One. Drop for business and teams
exchange transport rules can be created to bypass the scans from certain locations. Domains. Rece enders
Thank you for joining me and learning about safe attachments. Hope to see you for the next lesson. Take care.