What are all the features of sandboxing in EXO and EOP, and how can we make sure they are configured and set up appropriately in an M365 tenant?

Vinod Survase 4,711 Reputation points
2023-10-01T06:54:39.5833333+00:00



2 answers

  1. Ali AlEnezi 1,051 Reputation points
    2023-10-01T07:23:18.5033333+00:00

    Hello Vinod,

    In Microsoft 365, both Exchange Online Protection (EOP) and Exchange Online (EXO) use sandboxing features, sometimes referred to as "Advanced Threat Protection," to help detect and block potentially harmful email attachments and URLs.

    Features of Sandboxing in EXO and EOP:

    Safe Attachments:

    • Scans email attachments for malware and viruses.
    • All suspicious content goes through a real-time behavioral malware analysis that uses machine learning techniques to evaluate the content for suspicious activities.

    Safe Links:

    • Provides time-of-click verification of URLs in email messages and Office documents.
    • Blocks malicious URLs and directs users to a warning page.

    Anti-Phishing Protection:

    • Uses machine learning models to detect and block phishing attempts.

    Real-Time Reports:

    • Provides detailed reports of detected threats in real-time.

    Threat Investigation and Response:

    • Offers tools for investigating and responding to threats within the organization.

    Setting Up and Configuring Sandboxing in M365 Tenant:

    1. Enable Advanced Threat Protection:
      • Go to the Microsoft 365 security center (https://security.microsoft.com).
      • Navigate to 'Policy' and then 'Threat Policy'.
      • Configure the ATP policies as per the organizational requirements.
    2. Configure Safe Attachments Policy:
      • In the security center, go to 'Policy' > 'ATP Safe Attachments'.
      • Create or modify safe attachment policies to specify the actions to take when a malicious attachment is detected.
    3. Configure Safe Links Policy:
      • Go to 'Policy' > 'ATP Safe Links'.
      • Create or modify safe links policies to manage the protection settings for URLs.
    4. Configure Anti-Phishing Protection:
      • Go to 'Policy' > 'Anti-Phishing'.
      • Create or modify anti-phishing policies to define the settings for phishing protection.
    5. Review and Monitor Reports:
      • Regularly review the reports in the security center to monitor the threats detected and actions taken.
    6. Test the Configuration:
      • Test the setup by sending test emails with harmless attachments and URLs to ensure the policies work as expected.
    7. User Training and Awareness:
      • Train users on the features and notifications they might encounter.
      • Explain the steps they need to take if they encounter a warning or blocked content.

    All the best.
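
The portal steps in the answer above can be checked from Exchange Online PowerShell. The following read-only audit is an added example, not part of the original answer or of Microsoft's documentation: the baseline values it compares against and the helper name `Compare-Baseline` are assumptions chosen for illustration, and the Safe Attachments and Safe Links cmdlets assume a tenant licensed for Defender for Office 365.

```powershell
# Added example: read-only audit of Safe Attachments, Safe Links and
# anti-phishing policies. Requires the ExchangeOnlineManagement module and an
# account that is allowed to read threat policies.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Hypothetical helper: emit one row per setting that is outside the baseline.
# Values are compared as strings so booleans and enum-like values behave alike.
function Compare-Baseline($Area, $Policies, [hashtable]$Baseline) {
    foreach ($p in $Policies) {
        foreach ($key in $Baseline.Keys) {
            if ("$($p.$key)" -notin $Baseline[$key]) {
                [pscustomobject]@{
                    Area     = $Area
                    Policy   = $p.Name
                    Setting  = $key
                    Value    = "$($p.$key)"
                    Expected = $Baseline[$key] -join ' or '
                }
            }
        }
    }
}

# Assumed baseline (adjust to the organisation's requirements).
$findings  = @()
$findings += Compare-Baseline 'SafeAttachments' (Get-SafeAttachmentPolicy) @{
    Enable = @('True'); Action = @('Block', 'DynamicDelivery') }
$findings += Compare-Baseline 'SafeLinks' (Get-SafeLinksPolicy) @{
    EnableSafeLinksForEmail  = @('True'); EnableSafeLinksForOffice = @('True')
    ScanUrls                 = @('True'); DeliverMessageAfterScan  = @('True')
    EnableForInternalSenders = @('True'); AllowClickThrough        = @('False') }
$findings += Compare-Baseline 'AntiPhish' (Get-AntiPhishPolicy) @{
    Enabled = @('True'); EnableSpoofIntelligence = @('True')
    EnableMailboxIntelligence = @('True') }

# A policy only takes effect through its rule, so list rules that are not enabled.
$inactiveRules = @(Get-SafeAttachmentRule) + @(Get-SafeLinksRule) + @(Get-AntiPhishRule) |
    Where-Object State -ne 'Enabled' |
    Select-Object Name, State, Priority

$findings      | Sort-Object Area, Policy | Format-Table -AutoSize
$inactiveRules | Format-Table -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

An empty result means every policy matches the assumed baseline and every rule is enabled; it does not show which recipients each rule covers.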


  2. Aholic Liang-MSFT 13,826 Reputation points Microsoft Vendor
    2023-10-02T06:28:15.95+00:00

    Hi @Vinod Survase,

    To better understand this issue, can you tell us what the sandboxing feature means?

    The default protection features of EOP include anti-malware policies, spam filters, anti-phishing, preset security policies, and more.

    If you need to place spam or filtered messages in quarantine, you can refer to this link to set up Exchange Online Protection: Exchange Online Protection setup guide | Microsoft Exchange

    In addition, Advanced Threat Protection is an additional email screening service. If you need a higher level of security, you need to purchase licenses for your users to get the service.

     

