Hello Vinod,
In Microsoft 365, both Exchange Online Protection (EOP) and Exchange Online (EXO) use sandboxing features, sometimes referred to as "Advanced Threat Protection," to help detect and block potentially harmful email attachments and URLs.
Features of Sandboxing in EXO and EOP:
Safe Attachments:
- Scans email attachments for malware and viruses.
- All suspicious content goes through a real-time behavioral malware analysis that uses machine learning techniques to evaluate the content for suspicious activities.
Safe Links:
- Provides time-of-click verification of URLs in email messages and Office documents.
- Blocks malicious URLs and directs users to a warning page.
Anti-Phishing Protection:
- Uses machine learning models to detect and block phishing attempts.
Real-Time Reports:
- Provides detailed reports of detected threats in real-time.
Threat Investigation and Response:
- Offers tools for investigating and responding to threats within the organization.
Setting Up and Configuring Sandboxing in M365 Tenant:
- Enable Advanced Threat Protection:
  - Go to the Microsoft 365 security center (https://security.microsoft.com).
  - Navigate to 'Policy' and then 'Threat Policy'.
  - Configure the ATP policies as per the organizational requirements.
- Configure Safe Attachments Policy:
  - In the security center, go to 'Policy' > 'ATP Safe Attachments'.
  - Create or modify safe attachment policies to specify the actions to take when a malicious attachment is detected.
- Configure Safe Links Policy:
  - Go to 'Policy' > 'ATP Safe Links'.
  - Create or modify safe links policies to manage the protection settings for URLs.
- Configure Anti-Phishing Protection:
  - Go to 'Policy' > 'Anti-Phishing'.
  - Create or modify anti-phishing policies to define the settings for phishing protection.
- Review and Monitor Reports:
  - Regularly review the reports in the security center to monitor the threats detected and actions taken.
- Test the Configuration:
  - Test the setup by sending test emails with harmless attachments and URLs to ensure the policies work as expected.
- User Training and Awareness:
  - Train users on the features and notifications they might encounter.
  - Explain the steps they need to take if they encounter a warning or blocked content.
All the best.
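
Added example, not part of the original answer: once the Safe Attachments and Safe Links policies described above exist, the same settings can be reviewed from Exchange Online PowerShell to catch policies that are disabled or weaker than intended. The admin account and the baseline values are assumptions made for this example; the cmdlets come from the ExchangeOnlineManagement module and need a tenant licensed for these features.

```powershell
# Read-only review of Safe Attachments and Safe Links policies.
# 'admin@contoso.example' is a placeholder account (assumption).
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example' -ShowBanner:$false

# Baseline assumed for this example; adjust to the organizational requirements.
$safeLinksBaseline = [ordered]@{
    EnableSafeLinksForEmail  = $true   # rewrite and check URLs in email
    EnableSafeLinksForOffice = $true   # check URLs opened from Office documents
    ScanUrls                 = $true   # real-time scan of suspicious links
    DeliverMessageAfterScan  = $true   # hold the message until the scan completes
    EnableForInternalSenders = $true   # cover internal mail as well
    TrackClicks              = $true   # keep click data for the reports
    AllowClickThrough        = $false  # users cannot bypass the warning page
}

function New-Finding {
    param([string]$Type, [string]$Policy, [string]$Issue)
    [pscustomobject]@{ Type = $Type; Policy = $Policy; Issue = $Issue }
}

$findings = @(
    foreach ($p in Get-SafeAttachmentPolicy) {
        if (-not $p.Enable) {
            New-Finding 'SafeAttachments' $p.Name 'Policy is disabled'
        }
        if ("$($p.Action)" -eq 'Allow') {
            New-Finding 'SafeAttachments' $p.Name 'Action is Allow: detected attachments are still delivered'
        }
    }
    foreach ($p in Get-SafeLinksPolicy) {
        foreach ($setting in $safeLinksBaseline.Keys) {
            if ($p.$setting -ne $safeLinksBaseline[$setting]) {
                New-Finding 'SafeLinks' $p.Name "$setting is $($p.$setting), baseline is $($safeLinksBaseline[$setting])"
            }
        }
    }
)

if ($findings.Count -eq 0) {
    Write-Output 'All policies match the baseline.'
} else {
    $findings | Sort-Object Type, Policy | Format-Table -AutoSize -Wrap
}

Disconnect-ExchangeOnline -Confirm:$false
```

The script only reads configuration; any change it suggests is still made in the policy pages listed in the steps above.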