Anti-malware
This section describes the design decisions associated with Anti-malware Microsoft 365 security features for system(s) built using ASD's Blueprint for Secure Cloud.
Estimated reading time: 2 minutes
Anti-malware within Exchange Online Protection refers to the default anti-malware scanning which is completed on all emails routing through the service.
In addition to the default scanning, anti-malware policies can be configured. These polices enable the customisation of a response if malware is detected and the restriction of attachment file types.
Design Decisions
| Decision Point | Design Decision | Justification |
|---|---|---|
| Configure Anti-malware Policy | Configured | Configuring the anti-malware policy to enable the customisation of a response if malware is detected and the restriction of attachment file types. |
| Anti-malware policy name | Default | Editing the default policy ensures it applies to all incoming and outgoing mail and is consistent with best practice. |
| Malware detection response | Notify recipients that the message has been quarantined with the default notification text | This will send a notification to recipients when a message is quarantined. |
| Sender notifications | Notify internal senders | This will send notification to senders when their message is quarantined. |
| Administrator notifications | Notify administrators about undelivered messages from internal senders | |
| Notify administrators about undelivered messages from external senders | Administrators will be notified when messages are undelivered. | |
| Allowed File type filtering | Disabled | This is the default setting configured when Exchange Online is enabled and is Microsoft best practice. This ensures that all file types are inspected for malware with no exceptions. |
Related information
Security & Governance
- None identified
Design
Configuration
- None identified