MC918563 – Microsoft Exchange Online Protection (Defender for Office 365): Monitor action in Safe attachments policy will retire

Microsoft Exchange Logo

check before: 2025-02-01

Product:

Defender, Defender for Office 365, Defender XDR, Exchange

Platform:

Online, World tenant

Status:

Change type:

Admin impact, Retirement

Links:

Details:

Summary:
The 'Monitor' action in Microsoft Exchange Online Protection's Safe attachments policy will be retired between February and May 2025. Organizations with policies set to 'Monitor' will be automatically switched to 'Block'. Users should review and adjust their Safe attachments policies accordingly.

Details:
We will retire the Monitor action in the Safe attachments policy in Microsoft Exchange Online Protection (Microsoft Defender for Office 365) starting late February 2025 and ending by late May 2025.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-10-26

updated:
2024-10-26

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Increased Risk of Malicious Attachments
Switching from 'Monitor' to 'Block' without preparation may lead to legitimate emails being blocked, causing disruption in communication.
   - roles: IT Administrator, End User
   - references: https://learn.microsoft.com/defender-office-365/safe-attachments-about#safe-attachments-policy-settings

Loss of Monitoring Capabilities
Organizations will lose the ability to monitor and review potentially malicious attachments, impacting security oversight.
   - roles: Security Analyst, Compliance Officer
   - references: https://learn.microsoft.com/defender-office-365/safe-attachments-about#safe-attachments-policy-settings

Increased User Frustration
Users may experience frustration due to unexpected blocking of emails, leading to decreased productivity.
   - roles: End User, Help Desk Support
   - references: https://learn.microsoft.com/defender-office-365/safe-attachments-about#safe-attachments-policy-settings

Need for Policy Review
Organizations will need to urgently review and adjust their Safe attachments policies, which may lead to operational delays.
   - roles: IT Administrator, Security Analyst
   - references: https://learn.microsoft.com/defender-office-365/safe-attachments-about#safe-attachments-policy-settings

Potential Compliance Issues
Failure to adapt to the new policy may result in compliance issues if legitimate communications are blocked.
   - roles: Compliance Officer, Legal Advisor
   - references: https://learn.microsoft.com/defender-office-365/safe-attachments-about#safe-attachments-policy-settings

Configutation Options**

XXXXXXX ... paid membership only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

Microsoft is planning to retire the 'Monitor' action in the Safe attachments policy of Microsoft Exchange Online Protection, part of Microsoft Defender for Office 365. This change will take place between February and May 2025. If your organization currently uses the 'Monitor' action, it will automatically be switched to 'Block'. This means that instead of just observing potentially harmful attachments, the system will actively block them.

To understand this better, think of it like a security guard at a building entrance. Previously, the guard (Monitor action) would let everyone in but keep an eye on them and report any suspicious behavior. Now, the guard (Block action) will stop anyone suspicious from entering in the first place, ensuring the building remains safe.

Safe attachments policies are designed to protect against harmful content in emails by checking attachments in a secure environment before they reach the recipient. The Monitor action allowed organizations to track potentially dangerous attachments without blocking them, which was useful for observing and reporting threats. However, with this action being retired, organizations will need to rely on the Block action to prevent threats from reaching users.

Before this change happens, it's important to review your organization's Safe attachments policies. If your policies are set to Monitor, consider switching to Block to maintain security. Alternatively, if you need to continue monitoring without blocking, you can use Evaluation mode, which functions similarly to Monitor by allowing you to audit and review threats without blocking them immediately.

This change is part of Microsoft's ongoing efforts to enhance security measures and ensure that organizations are better protected against email-based threats. For more detailed guidance on how to adjust your policies and use Evaluation mode, you can refer to Microsoft's documentation on Safe Attachments in Defender for Office 365.

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



Last updated 2 months ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!