
About Safe attachment policy

Kuronuma 250 Reputation points
2025-04-24T02:17:33.19+00:00

※Urgent queries
I have the following requirement:
I want to stop dynamic scanning for specific internal users of the same domain.

When I try it by creating a new Safe Attachments policy, it does turn off the scan, but for the recipient only, and when someone outside of the org tries to send something malicious, it skips the scan and can harm the system.

So next I tried the following message header using a transport rule.

But I could not find the header in the received message details, which makes me doubt whether the header is actually applied or not, and when I check the message trace I can see the transport rule is applied properly.
header X-MS-Exchange-Organization-SkipSafeAttachmentProcessing:
I myself don't know if the transport rule with that header will solve my problem or not in the first place, and even after testing I am not sure what that header does and whether it's being applied or not.

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud Apps

1 answer

  1. Catherine Kyalo 3,100 Reputation points Microsoft Employee
    2025-04-25T11:12:36.4566667+00:00

    Hi Kuronuma

    From my understanding, when you mention "Stop dynamic scanning for specific internal users of same domain", you're saying that if both the sender and recipient are within the same domain, such as example.com, then SkipSafeAttachmentProcessing should be applied. However, if the sender is from a different domain, scanning should occur.

    To clarify, the Safe Attachments policy kicks in after message attachments are sent to recipients and scanned by antimalware. Then Safe Attachments opens files in a virtual environment to see what happens before the messages are delivered to recipients.

    Important: Microsoft typically recommends turning on and adding all users to the Standard and/or Strict preset security policies, instead of creating and managing custom Safe Attachments policies.

    Refer - https://learn.microsoft.com/en-us/defender-office-365/safe-attachments-policies-configure

    You can use Standard and Strict preset security policies which allow one to specify recipient conditions and exceptions (users, group members, domains, or all recipients). You will need to configure entries and optional exceptions for user and domain impersonation protection.

    Refer - https://learn.microsoft.com/en-us/defender-office-365/mdo-deployment-guide#step-2-configure-protection-policies

    If you find the answer above helpful, please Accept the answer to help anyone in the community who might have a similar question to quickly find the solution.
