CYBERDOM

Just another day of IR, Threat-Hunting & Microsoft Security

Office 365 ATP Safe Documents

by · March 3, 2020

The power of Microsoft ATP is hitting again, and this time with the new feature of Office ATP Safe Documents.

In short, the Office ATP Safe Documents automatically scan Office files in Protected View (or untrusted files) with Microsoft Defender ATP before allowing the files to open be opened.

Office ATP Safe Documents will detonate documents using ATP, with Office365 ProPlus desktop apps.

Post Contents Show

Office ATP Safe Documents

The new Office ATP Safe Documents is part of Office ATP Plan 2, and it can work alongside with Safe Attachment and other Office ATP features and policies.

When a user has a document in Protected View and wants to view that document “trusted”, the field will be automatically checked against the ATP threat cloud before releasing it to the user in full mode.

How it Works

When a user receives an email with an Office document from an external recipient the document is stamped and can only be opened in “Protected View”. When an Office document stamped as Protected View the user cannot edit or print the document, and more important the Office file will be opened with Macro.

This decreases the functionality of editing and printing is enough for the user to often just take the document out of protected mode and impact your network.

This is where this new feature of Office ATP Safe Documents comes into the game, and the entire document is uploaded to Microsoft datacentre and processed as if it were an attachment in the email being processed via Safe Attachments.

When the user received the document via email, the Office 365 ATP Safe Attachments will process the document. But if the document is received in another way, such as via a download link of a file share, then the Safe Attachments vector of protection over email no longer applies.

If the document is scanned for malicious content and the user is allowed to open the file and turn off the protected mode only if the document is considered safe and allowed fro Microsoft Defender ATP side. But, if the document is considered malicious then the document will be in protected mode.

Notes

  • This feature is only available with the Microsoft 365 E5 or Microsoft 365 E5 Security license
  • Office ATP Safe Documents is currently available for public preview only
  • This feature available to users that are part of the Office Insider Program with Monthly Channel (Targeted), and with Office Version 2002 (12527.20092) or later.
  • This feature is off by default and will need to be enabled.
  • Only US Region currently supported for compliant file processing (All files will travel to the US Region for scanning)
  • Support for UK and EU region is planned in a future update.

More Information

Office 365 ATP Safe Documents

by · March 3, 2020

The power of Microsoft ATP is hitting again, and this time with the new feature of Office ATP Safe Documents.
In short, the Office ATP Safe Documents automatically scan Office files in Protected View (or untrusted files) with Microsoft Defender ATP before allowing the files to open be opened.
Office ATP Safe Documents will detonate documents using ATP, with Office365 ProPlus desktop apps.

Office ATP Safe Documents

The new Office ATP Safe Documents is part of Office ATP Plan 2, and it can work alongside with Safe Attachment and other Office ATP features and policies.
When a user has a document in Protected View and wants to view that document “trusted”, the field will be automatically checked against the ATP threat cloud before releasing it to the user in full mode.

How it Works

When a user receives an email with an Office document from an external recipient the document is stamped and can only be opened in “Protected View”. When an Office document stamped as Protected View the user cannot edit or print the document, and more important the Office file will be opened with Macro.
This decreases the functionality of editing and printing is enough for the user to often just take the document out of protected mode and impact your network.
This is where this new feature of Office ATP Safe Documents comes into the game, and the entire document is uploaded to Microsoft datacentre and processed as if it were an attachment in the email being processed via Safe Attachments.
When the user received the document via email, the Office 365 ATP Safe Attachments will process the document. But if the document is received in another way, such as via a download link of a file share, then the Safe Attachments vector of protection over email no longer applies.
If the document is scanned for malicious content and the user is allowed to open the file and turn off the protected mode only if the document is considered safe and allowed fro Microsoft Defender ATP side. But, if the document is considered malicious then the document will be in protected mode.

Notes

  • This feature is only available with the Microsoft 365 E5 or Microsoft 365 E5 Security license
  • Office ATP Safe Documents is currently available for public preview only
  • This feature available to users that are part of the Office Insider Program with Monthly Channel (Targeted), and with Office Version 2002 (12527.20092) or later.
  • This feature is off by default and will need to be enabled.
  • Only US Region currently supported for compliant file processing (All files will travel to the US Region for scanning)
  • Support for UK and EU region is planned in a future update.

More Information

Tags:

You may also like...

Leave a Reply

error: Content is Protected !!
%d