From d327f88faa5efee09864753f07d15389e6085ed1 Mon Sep 17 00:00:00 2001 From: Sundeep Saini Date: Tue, 9 Aug 2022 21:57:29 -0700 Subject: [PATCH 1/2] Update recommended-settings-for-eop-and-office365.md Default has been updated for "EnableFileFilter" in the anti-malware policy. Also new security control for "common attachment filter notification option" has been added. FYI @chrisda --- .../recommended-settings-for-eop-and-office365.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md b/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md index ba4e8593760..6e04824faf6 100644 --- a/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md +++ b/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md @@ -132,7 +132,8 @@ To create and configure anti-malware policies, see [Configure anti-malware polic |Security feature name|Default|Standard|Strict|Comment| |---|:---:|:---:|:---:|---| |**Protection settings**||||| -|**Enable the common attachments filter**

_EnableFileFilter_|Not selected

`$false`|Selected

`$true`|Selected

`$true`|This setting quarantines messages that contain attachments based on file type, regardless of the attachment content. For the list of file types, see [Anti-malware policies](anti-malware-protection.md#anti-malware-policies).| +|**Enable the common attachments filter**

_EnableFileFilter_|Selected

`$true`|Selected

`$true`|Selected

`$true`|This setting quarantines messages that contain attachments based on file type, regardless of the attachment content. For the list of file types, see [Anti-malware policies](anti-malware-protection.md#anti-malware-policies).| +|**Common attachment filter notification option**

_FileTypeAction_|Reject the messages with a non-delivery receipt (NDR)

`Reject`|Reject the messages with a non-delivery receipt (NDR)

`Reject`|Reject the messages with a non-delivery receipt (NDR)

`Reject`| |**Enable zero-hour auto purge for malware**

_ZapEnabled_|Selected

`$true`|Selected

`$true`|Selected

`$true`|| |**Quarantine policy**|AdminOnlyAccessPolicy|AdminOnlyAccessPolicy|AdminOnlyAccessPolicy|When you create a new anti-malware policy, a blank value means the default quarantine policy is used to define the historical capabilities for messages that were quarantined as malware (AdminOnlyAccessPolicy with no quarantine notifications).

Standard and Strict preset security policies use the default quarantine policy (AdminOnlyAccessPolicy with no quarantine notifications) as described in the table [here](quarantine-policies.md#step-2-assign-a-quarantine-policy-to-supported-features).

Admins can create and select custom quarantine policies that define more capabilities for users in the default or custom anti-malware policies. For more information, see [Quarantine policies](quarantine-policies.md).| |**Admin notifications**||||| From da56bd77bd69e313f81bd249d383856601745f45 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Wed, 10 Aug 2022 09:25:52 -0700 Subject: [PATCH 2/2] Update recommended-settings-for-eop-and-office365.md --- .../recommended-settings-for-eop-and-office365.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md b/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md index 6e04824faf6..1b241fc5221 100644 --- a/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md +++ b/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md @@ -133,7 +133,7 @@ To create and configure anti-malware policies, see [Configure anti-malware polic |---|:---:|:---:|:---:|---| |**Protection settings**||||| |**Enable the common attachments filter**

_EnableFileFilter_|Selected

`$true`|Selected

`$true`|Selected

`$true`|This setting quarantines messages that contain attachments based on file type, regardless of the attachment content. For the list of file types, see [Anti-malware policies](anti-malware-protection.md#anti-malware-policies).| -|**Common attachment filter notification option**

_FileTypeAction_|Reject the messages with a non-delivery receipt (NDR)

`Reject`|Reject the messages with a non-delivery receipt (NDR)

`Reject`|Reject the messages with a non-delivery receipt (NDR)

`Reject`| +|Common attachment filter notifications (**When these file types are found**)

_FileTypeAction_|**Reject the messages with a non-delivery receipt (NDR)**

`Reject`|**Reject the messages with a non-delivery receipt (NDR)**

`Reject`|**Reject the messages with a non-delivery receipt (NDR)**

`Reject`|| |**Enable zero-hour auto purge for malware**

_ZapEnabled_|Selected

`$true`|Selected

`$true`|Selected

`$true`|| |**Quarantine policy**|AdminOnlyAccessPolicy|AdminOnlyAccessPolicy|AdminOnlyAccessPolicy|When you create a new anti-malware policy, a blank value means the default quarantine policy is used to define the historical capabilities for messages that were quarantined as malware (AdminOnlyAccessPolicy with no quarantine notifications).

Standard and Strict preset security policies use the default quarantine policy (AdminOnlyAccessPolicy with no quarantine notifications) as described in the table [here](quarantine-policies.md#step-2-assign-a-quarantine-policy-to-supported-features).

Admins can create and select custom quarantine policies that define more capabilities for users in the default or custom anti-malware policies. For more information, see [Quarantine policies](quarantine-policies.md).| |**Admin notifications**|||||
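Review bot: In [PATCH 1/2], the added _FileTypeAction_ row closes with a single `|` after the Strict value, which leaves it one cell short in a five-column table (Security feature name, Default, Standard, Strict, Comment). The _ZapEnabled_ row directly below it ends with `||` to carry an empty Comment cell. End the new row the same way, or fill in the Comment, so that the row does not render with a missing column.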
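Review bot: In [PATCH 2/2], the rewritten _FileTypeAction_ row leaves its Comment cell empty, while the _EnableFileFilter_ row just above it still says the setting "quarantines messages that contain attachments based on file type". With `Reject` documented for Default, Standard and Strict, the two rows read as contradicting each other about what happens to a matched message. Use the Comment cell to say which outcome applies when _FileTypeAction_ is `Reject`, or adjust the _EnableFileFilter_ comment to match. As a style point, this row bolds the three values and leaves most of the feature name unbolded, the reverse of the other rows in the hunk (for example `**Enable zero-hour auto purge for malware**` with a plain `Selected`). If the bold is meant to mark UI strings, apply it the same way across the table.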