check before: 2025-07-01
Product:
Defender, Defender for Office 365, Defender XDR, Exchange
Platform:
Online, World tenant
Status:
Change type:
Admin impact, Retirement
Links:
Details:
Summary:
The Monitor action in the Safe attachments policy for Microsoft Exchange Online Protection will be retired from early July 2025 to late August 2025. Organizations using the Monitor action will have it automatically changed to Block. The only remaining actions will be Off, Block, and Dynamic delivery.
Details:
Updated June 4, 2025: We have updated the timeline below. Thank you for your patience.
We will retire the Monitor action in the Safe attachments policy in Microsoft Exchange Online Protection (Microsoft Defender for Office 365) starting early July 2025 (previously late March) and ending by late August 2025 (previously late May).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2024-10-26
updated:
2025-06-05
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft is retiring the "Monitor" option in its Safe Attachments policy for Microsoft Exchange Online Protection by August 2025, automatically switching organizations using it to the "Block" option, and suggests using "Evaluation mode" for those who wish to observe attachment handling without blocking.
Direct effects for Operations**
Change in Safe Attachments Policy Action
The automatic change from Monitor to Block will prevent users from receiving emails with potentially malicious attachments, impacting their ability to access necessary information.
- roles: Email Administrators, End Users
- references: https://learn.microsoft.com/defender-office-365/safe-attachments-about#safe-attachments-policy-settings
Increased Risk of Malicious Attachments
Without the Monitor action, users may be exposed to malicious attachments that would have been flagged, increasing the risk of security incidents.
- roles: Security Analysts, End Users
- references: https://learn.microsoft.com/defender-office-365/safe-attachments-about#safe-attachments-policy-settings
Loss of Monitoring Capabilities
The retirement of the Monitor action means organizations will lose the ability to track and analyze potentially harmful attachments, hindering incident response efforts.
- roles: Security Analysts, Compliance Officers
- references: https://learn.microsoft.com/defender-office-365/safe-attachments-about#safe-attachments-policy-settings
User Experience Degradation
Users may experience frustration and confusion due to sudden blocking of emails that previously would have been monitored, leading to potential workflow disruptions.
- roles: End Users, IT Support Staff
- references: https://learn.microsoft.com/defender-office-365/safe-attachments-about#safe-attachments-policy-settings
Need for Policy Review and Adjustment
Organizations will need to review and adjust their Safe Attachments policies, which may lead to temporary lapses in security if not done promptly.
- roles: Email Administrators, IT Managers
- references: https://learn.microsoft.com/defender-office-365/safe-attachments-about#safe-attachments-policy-settings
Configutation Options**
XXXXXXX ... paid membership only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-06-05 | MC Last Updated | 10/26/2024 00:54:13 | 2025-06-04T18:42:28Z |
| 2025-06-05 | MC Messages | We will retire the Monitor action in the Safe attachments policy in Microsoft Exchange Online Protection (Microsoft Defender for Office 365) starting late February 2025 and ending by late May 2025. | Updated June 4, 2025: We have updated the timeline below. Thank you for your patience.
We will retire the Monitor action in the Safe attachments policy in Microsoft Exchange Online Protection (Microsoft Defender for Office 365) starting early July 2025 (previously late March) and ending by late August 2025 (previously late May). |
| 2025-06-05 | MC End Time | 07/25/2025 09:00:00 | 2025-10-06T09:00:00Z |
| 2025-06-05 | MC Summary | The 'Monitor' action in Microsoft Exchange Online Protection's Safe attachments policy will be retired between February and May 2025. Organizations with policies set to 'Monitor' will be automatically switched to 'Block'. Users should review and adjust their Safe attachments policies accordingly. | The Monitor action in the Safe attachments policy for Microsoft Exchange Online Protection will be retired from early July 2025 to late August 2025. Organizations using the Monitor action will have it automatically changed to Block. The only remaining actions will be Off, Block, and Dynamic delivery. |
Last updated 1 week ago
