What Is the New Office 365 'Safe Documents' Feature and How Can It Help You Enhance Your Virtual Security?
We often hear about malware infections, but we probably seldom realize how close these threats are. Think of all the documents you open every single day. Whether you are working from home or at the office, you probably send multiple files back and forth, interacting with your colleagues and superiors. In the midst of this organized chaos, it is rather easy to miss a malicious file that masquerades as a regular document. And just by opening such a file, you could subject your entire network to a dangerous infection.
Hurdles must be raised to make your working environment safer. While there are many ways to make sure you do not get affected by malware and hackers, today we would like to introduce you to a safety feature that was rolled out by Microsoft. The feature is called Safe Documents, and it puts a hurdle between Office 365 users and a potential cyberattack. If you open documents in Protected View and then scan them with Microsoft Defender for Endpoint, you can use the Safe Documents feature.
What is Protected View?
You probably have encountered Protected View many times before, but you’ve just never really paid attention to it. Protected View is there to stop you from opening a file automatically. Keeping in mind that files received from unknown senders could contain worms, viruses, and other malware, Office 365 opens most of the files in a read only mode which is called Protected View. This mode is activated when files are opened from an Internet location, when a sender is identified as unsafe, when the file is blocked, and so on. Most of the time, you can exit Protected View just by clicking the X button or the Enable editing button. However, it is always a good idea to check why the file is opened in this mode. Don’t dismiss the message just because it’s the new normal.
What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint is the new name for Microsoft Devender Advanced Threat Protection (MDATP). It is an enterprise endpoint security platform. Therefore, it is designed to protect enterprise networks from advanced threats.
This platform is for companies that employ Windows 10 and Microsoft’s cloud service to perform their tasks, services, and carry out their businesses. This platform has several features and capabilities, and Defender for Endpoint happens to be directly integrated with such Microsoft solutions as Office 365, Azure Security Center, Skype for Business, Microsoft Cloud App Security, and so on. Thus, if an enterprise employs this platform, they can easily apply the Office 365 Safe Documents feature, too.
What is Office 365 Safe Documents?
To put it simply, Safe Documents is an addition to the Protected View function. This feature scans the document while you are still in the Protected View mode, and you cannot leave the mode until the scan results are in. There are several types of scan results you can expect from Safe Documents:
- File is currently being scanned by MDATP – It means that the scan is still in process.
- Error in file verification – This notification shows up when the file cannot be verified due to network connectivity issues.
- File found to be safe
- File found to be malicious
In some cases, the Admin Portal might allow you to override the Safe Documents setting. If you are allowed to bypass the warning, you might click the Edit Anyway button even if the results say the file is not safe. However, please note that you have to be cautious when you choose to ignore the warning.
Another thing we would like to point out is that Office 365 Safe Documents isn’t something that a regular end user can configure. The feature should be configured by the network administrator by opening the Security & Compliance Center or by going directly to the ATP Safe Attachments page. In their notes on the feature, Microsoft says that “you need to be a member of the Organization Management or Security Administrator role groups,” if you want to enable and configure Safe Documents.
Of course if you always check cybersecurity news and you are eager to try out the newest safety features, you are more than welcome to contact your company’s IT team and ask them about the feature and whether it can be enabled (provided it hasn’t been enabled yet).
How does Microsoft handle my data?
It is probably obvious that to scan your documents, Microsoft has to upload them to their own cloud servers. In other words, Safe Documents sends your files to the Microsoft Defender for Endpoint cloud. In that cloud, the files get analyzed. If you are worried that Microsoft might be collecting extremely sensitive information, you can check out how they handle data storage and privacy here. However, the bottom line is that the files that get sent over by Safe Documents eventually are deleted from the cloud in less than 24 hours.
So, to take everything into account, Safe Documents in Protected View enables you to check whether the document is safe before you start editing it. While this feature is on, you still remain in the so-called “sandbox,” and even if the file is malicious, it cannot do anything to your system. If the scanned file is deemed to be malicious, you should close it immediately. Depending on your company’s security practices and rules, you should either delete the file or forward it to your IT team.
If the dangerous file reached you via email, you should most definitely inform the IT team about the spam campaign that you got exposed to. It is also common to see spam emails being sent out from emails within a corporate network. This happens when your colleagues’ emails get leaked and their identities are stolen.
Aside from employing all the security rules laid out by your IT team, it is also strongly recommended to change your passwords whenever you notice that at least one corporate email had been leaked. Ask your IT team for further recommendations on the topic, and don’t hesitate to employ a password manager if you are forced to change passwords often.