Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://learn.microsoft.com/defender-office-365/safe-attachments-about).
40
40
41
-
New safe attachment policies that you create using this cmdlet aren't applied to users and aren't visible in the admin center. You need to use the SafeAttachmentPolicy parameter on the New-SafeAttachmentRule or Set-SafeAttachmentRule cmdlets to associate the policy with a rule to create a complete Safe Attachments policy that's visible in the admin center.
41
+
New safe attachment policies that you create using this cmdlet aren't applied to users and aren't visible in the Microsoft Defender portal. You need to use the SafeAttachmentPolicy parameter on the New-SafeAttachmentRule or Set-SafeAttachmentRule cmdlets to associate the policy with a rule to create a complete Safe Attachments policy that's visible in the Defender portal.
42
42
43
43
A safe attachment policy can be assigned to only one safe attachment rule.
The Action parameter specifies the action for the safe attachment policy. Valid values are:
81
81
82
-
- Allow: Deliver the message if malware is detected in the attachment and track scanning results. This value corresponds to **Monitor** for the **Safe Attachments unknown malware response** property of the policy in the admin center.
82
+
- Allow: Deliver the message if malware is detected in the attachment and track scanning results. This value corresponds to **Monitor** for the **Safe Attachments unknown malware response** property of the policy in the Microsoft Defender portal.
83
83
- Block: Block the email message that contains the malware attachment. This is the default value.
84
84
- DynamicDelivery: Deliver the email message with a placeholder for each email attachment. The placeholder remains until a copy of the attachment is scanned and determined to be safe. For more information, see [Dynamic Delivery in Safe Attachments policies](https://learn.microsoft.com/defender-office-365/safe-attachments-about#dynamic-delivery-in-safe-attachments-policies).
85
85
86
86
The value of this parameter is meaningful only when the value of the Enable parameter is $true (the default value is $false).
87
87
88
-
To specify no action for the safe attachment policy (corresponds to the value **Off** for the **Safe Attachments unknown malware response** policy setting in the admin center), use the value $false for the Enable parameter.
88
+
To specify no action for the safe attachment policy (corresponds to the value **Off** for the **Safe Attachments unknown malware response** policy setting in the Defender portal), use the value $false for the Enable parameter.
89
89
90
90
The results of all actions are available in message trace.
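Review bot: The Allow bullet (new line 82) does not mention that Allow is the only action for which Redirect and RedirectAddress take effect, a restriction this commit documents only under those two parameters. A reader who chooses Block or DynamicDelivery here will not learn that redirection is unavailable for them. Consider adding a short cross-reference to the Allow bullet, for example "Redirect and RedirectAddress apply only with this value", so the dependency is visible where the action is chosen.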
The Redirect parameter specifies whether to deliver messages to an alternate email address if malware is detected in an attachment. Valid values are:
221
221
222
-
- $true: Messages that contain malware attachments are delivered to the email address specified by the RedirectAddress parameter.
222
+
- $true: Messages that contain malware attachments are delivered to the email address specified by the RedirectAddress parameter. This value is meaningful only when the value of the Action parameter is Allow.
223
223
- $false: Messages that contain malware attachments aren't delivered to another email address. This is the default value.
224
224
225
-
**Note**: Redirection will soon be available only for the Allow action. For more information, see [MC424899](https://admin.microsoft.com/AdminPortal/Home?#/MessageCenter/:/messages/MC424899).
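Review bot: The sentence added to the $true bullet (new line 222), "This value is meaningful only when the value of the Action parameter is Allow", does not say what happens when Redirect is $true and Action is Block or DynamicDelivery. State whether the setting is silently ignored or the command is rejected, since an admin who relied on redirection with Block needs to know that messages are no longer copied to the alternate address. The removed note linked MC424899 as the reason for the restriction; if that reference is still useful, keep it without the "will soon" wording.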
The RedirectAddress parameter specifies the destination email address to deliver messages if malware is detected in an attachment.
242
240
243
-
The value of this parameter is meaningful only when when value of the Redirect parameter is $true and the value of the Action parameter is Allow.
244
-
245
-
**Note**: Redirection will soon be available only for the Allow action. For more information, see [MC424899](https://admin.microsoft.com/AdminPortal/Home?#/MessageCenter/:/messages/MC424899).
241
+
The value of this parameter is meaningful only when value of the Redirect parameter is $true and the value of the Action parameter is Allow.
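Review bot: The replacement sentence at new line 241 fixes the doubled "when when" but now reads "meaningful only when value of the Redirect parameter", which drops the article. Change it to "meaningful only when the value of the Redirect parameter is $true and the value of the Action parameter is Allow", matching the phrasing used for the Action half of the same sentence.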
The Action parameter specifies the action for the safe attachment policy. Valid values are:
78
78
79
-
- Allow: Deliver the message if malware is detected in the attachment and track scanning results. This value corresponds to **Monitor** for the **Safe Attachments unknown malware response** property of the policy in the admin center.
79
+
- Allow: Deliver the message if malware is detected in the attachment and track scanning results. This value corresponds to **Monitor** for the **Safe Attachments unknown malware response** property of the policy in the Microsoft Defender portal.
80
80
- Block: Block the email message that contains the malware attachment. This is the default value.
81
81
- DynamicDelivery: Deliver the email message with a placeholder for each email attachment. The placeholder remains until a copy of the attachment is scanned and determined to be safe. For more information, see [Dynamic Delivery in Safe Attachments policies](https://learn.microsoft.com/defender-office-365/safe-attachments-about#dynamic-delivery-in-safe-attachments-policies).
82
82
83
83
The value of this parameter is meaningful only when the value of the Enable parameter is $true (the default value is $false).
84
84
85
-
To specify no action for the safe attachment policy (corresponds to the value **Off** for the **Safe Attachments unknown malware response** policy setting in the admin center), use the value $false for the Enable parameter.
85
+
To specify no action for the safe attachment policy (corresponds to the value **Off** for the **Safe Attachments unknown malware response** policy setting in the Defender portal), use the value $false for the Enable parameter.
86
86
87
87
The results of all actions are available in message trace.
The Redirect parameter specifies whether to deliver messages to an alternate email address if malware is detected in an attachment. Valid values are:
186
186
187
-
- $true: Messages that contain malware attachments are delivered to the email address specified by the RedirectAddress parameter.
187
+
- $true: Messages that contain malware attachments are delivered to the email address specified by the RedirectAddress parameter. This value is meaningful only when the value of the Action parameter is Allow.
188
188
- $false: Messages that contain malware attachments aren't delivered to another email address. This is the default value.
189
189
190
-
**Note**: Redirection will soon be available only for the Allow action. For more information, see [MC424899](https://admin.microsoft.com/AdminPortal/Home?#/MessageCenter/:/messages/MC424899).
191
-
192
190
```yaml
193
191
Type: Boolean
194
192
Parameter Sets: (All)
@@ -207,8 +205,6 @@ The RedirectAddress parameter specifies the destination email address to deliver
207
205
208
206
The value of this parameter is meaningful only when value of the Redirect parameter is $true and the value of the Action parameter is Allow.
209
207
210
-
**Note**: Redirection will soon be available only for the Allow action. For more information, see [MC424899](https://admin.microsoft.com/AdminPortal/Home?#/MessageCenter/:/messages/MC424899).
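Review bot: The unchanged context sentence at new line 206 reads "meaningful only when value of the Redirect parameter", missing "the" before "value". This hunk already edits the paragraph to remove the note, so correct the sentence in the same change to "only when the value of the Redirect parameter is $true".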
The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.
227
223
228
-
**Note**: Redirection will soon be available only for the Allow action. For more information, see [MC424899](https://admin.microsoft.com/AdminPortal/Home?#/MessageCenter/:/messages/MC424899).