Manage automation file uploads
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Defender for Endpoint? Sign up for a free trial.
Enable the content analysis capability so that certain files and email attachments can automatically be uploaded to the cloud for additional inspection in Automated investigation.
Microsoft uses various file investigation mechanisms to inspect and analyze files.
Identify the files and email attachments by specifying the file extension names and email attachment extension names.
For example, if you add exe and bat as file or attachment extension names, then all files or attachments with those extensions will automatically be sent to the cloud for additional inspection during Automated investigation.
Note
Microsoft securely stores the files submitted for a six-month period. Files are promptly deleted after six months.
Add file extension names and attachment extension names.
Log in to Microsoft Defender XDR using an account with the Security administrator or Global administrator role assigned.
In the navigation pane, select Settings > Endpoints > Rules > Automation uploads.
Toggle the content analysis setting between On and Off.
Configure the following extension names and separate extension names with a comma:
- File extension names - Suspicious files except email attachments will be submitted for additional inspection
Related topics
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for