Office 365 Anti-malware Policy Best Practices
This article will give you a quick overview of some of the recommended settings for the Office 365 malware filter.
Configure Office 365 Anti-malware Policy
You'll need to change the default Office 365 anti-malware policy to configure some additional protection settings. Let's take a look at some of the settings you can change to improve your email threat protection.
Security & Compliance Center
https://protection.office.com
Threat management - Policy - Anti-malware
Select default policy - edit protection settings
Turn on the common attachments filter
This setting blocks attachment types that are commonly used for delivering malware.
The default blocked file types are: .ace, .ani, .app, .docm, .exe, .jar, .reg, .scr, .vbe, .vbs.
Malware Zero-hour auto purge
Zero-hour auto purge (ZAP) quarantines messages that contain malware after they've been delivered to your inbox. It's recommended that you leave this enabled.
Enable Notifications
I recommend turning on notifications to internal senders and admins. You will most likely never want to notify external senders when messages are quarantined as malware.
If you enable notifications, you'll also want to customize the notification email. Here is an example of the default notification message:
From: Postmaster postmaster@<defaultdomain>.com
Subject: Undeliverable message
This message was created automatically by mail delivery software. Your email message was not delivered to the intended recipients because malware was detected. All attachments were deleted.
--- Additional Information ---:
Subject: <message subject>
Sender: <message sender>
Time received: <date/time>
Message ID: <message id>
Detections found:
<attachment name> <malware detection result>
You can customize the message to include your support details:
"Your email message was not delivered because of suspected virus or malware. Please contact IT support so we can review the suspected email and investigate further."
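The settings above can also be audited and applied from Exchange Online PowerShell. The script below is an added example, not part of the original article; it assumes an active Connect-ExchangeOnline session, that the default policy is named Default, and that your module version still exposes the sender-notification parameters. The addresses and the display name are placeholders.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module, an active
# Connect-ExchangeOnline session, and a default policy named 'Default'.
$PolicyName   = 'Default'
$AdminAddress = 'it-support@example.com'   # placeholder address

# Settings recommended in the article, keyed by Set-MalwareFilterPolicy parameter.
$desired = @{
    EnableFileFilter                       = $true    # common attachments filter
    ZapEnabled                             = $true    # zero-hour auto purge
    EnableInternalSenderNotifications      = $true    # notify internal senders
    EnableInternalSenderAdminNotifications = $true    # notify admins
    EnableExternalSenderNotifications      = $false   # never notify external senders
}
# Default blocked file types listed in the article.
$expectedTypes = 'ace','ani','app','docm','exe','jar','reg','scr','vbe','vbs'

$policy = Get-MalwareFilterPolicy -Identity $PolicyName

# Collect every setting that differs from the recommendation.
$drift = foreach ($name in $desired.Keys) {
    if ($policy.$name -ne $desired[$name]) {
        [pscustomobject]@{ Setting = $name; Current = $policy.$name; Desired = $desired[$name] }
    }
}
$missingTypes = @($expectedTypes | Where-Object { @($policy.FileTypes) -notcontains $_ })

$drift | Format-Table -AutoSize
if ($missingTypes.Count -gt 0) { Write-Warning "Not blocked: $($missingTypes -join ', ')" }

# Build the change set: recommended switches plus the custom notification text.
$params = $desired.Clone()
$params.InternalSenderAdminAddress = $AdminAddress
$params.CustomNotifications        = $true
$params.CustomFromName             = 'IT Support'    # placeholder display name
$params.CustomFromAddress          = $AdminAddress
$params.CustomInternalSubject      = 'Undeliverable message'
$params.CustomInternalBody         = 'Your email message was not delivered because of ' +
    'suspected virus or malware. Please contact IT support so we can review the ' +
    'suspected email and investigate further.'
if ($missingTypes.Count -gt 0) {
    $params.FileTypes = @(@($policy.FileTypes) + $missingTypes | Select-Object -Unique)
}

# -WhatIf prints the change without applying it; remove it after review.
Set-MalwareFilterPolicy -Identity $PolicyName @params -WhatIf
```

Running the audit portion on a schedule and alerting on any drift output helps catch a policy that has been weakened after the initial configuration.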