Office 365 Anti malware Policy Best Practices
This article will give you a quick overview of some of the recommended settings for the Office 365 malware filter.
Configure Office 365 Anti malware Policy
You'll need to change the default Office 365 anti-malware policy to configure some additional protection settings. Let's take a look at some of the settings you can change to improve your email threat protection.
Security & Compliance Center
Threat management - Policy - Anti-malware
Select default policy - edit protection settings
Turn on the common attachments filter
This setting blocks attachments types that are commonly used for delivering malware
The default blocked file types are: .ace, .ani, .app, .docm, .exe, .jar, .reg, .scr, .vbe, .vbs.
Malware Zero-hour auto purge
Zero-hour auto purge (ZAP) quarantines messages that contain malware after they've been delivered to your inbox. Its recommended that you leave this enabled
I recommend turning on notifications to internal senders and admins. You will most likely never want to notify external senders when messages are quarantined as malware.
If you enable notifications, you'll also want to customize the notification email, here is an example of the default notification message
From: Postmaster postmaster@<defaultdomain>.com
Subject: Undeliverable message
This message was created automatically by mail delivery software. Your email message was not delivered to the intended recipients because malware was detected. All attachments were deleted.
--- Additional Information ---:
Subject: <message subject>
Sender: <message sender>
Time received: <date/time>
Message ID: <message id>
<attachment name> <malware detection result>
You can customize the message to include your support details:
"Your email message was not delivered because of suspected virus or malware. Please contact IT support so we can review the suspected email and investigate further."