M365 Changelog: AntiMalware Default Policy – Common Attachment Filter Settings Updates

MC468187 – Microsoft is changing the common attachment filter settings in the Default anti-malware policy (only). The default selection changes from ‘Quarantine the message’ to ‘Reject the message with NDR’.

When this will happen:

This configuration change will take effect beginning January 5, 2022.

How this will affect your organization:

This change will update the specific setting in the default policy. Messages that would previously have been quarantined because of a matching file type will now be rejected with an NDR.

In Anti-malware policies, under the protection settings for ‘Enable the common attachment filter’, there are two notification options when an email contains any attachment matching the configured file types:

  • Reject the message with a non-delivery receipt (NDR)
  • Quarantine the message

These two notification options were added to the common attachment filter previously. When they were added, ‘Quarantine the message’ was the option selected in the default policy.

The change now being introduced updates this option to ‘Reject the message with a non-delivery receipt (NDR)’ for all customers. It allows the sender to respond faster and resend any important email that would otherwise be quarantined (and delayed in reaching the intended recipient) because an attachment matches a blocked file type. We’re also aligning the setting for this control in the Standard and Strict preset security policies to ‘Reject the message with a non-delivery receipt (NDR)’. This change will also reduce the number of messages in quarantine, which need to be reviewed and released by the SecOps team, and allow the sender to take action.

What you need to do to prepare:

If you would rather quarantine the message, then you will need to create a new policy with ‘Quarantine the message’ or you will need to revert the selection to ‘Quarantine the message’ after this change is rolled out.
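
The two options above can also be applied from Exchange Online PowerShell. The following is an added example, not part of the Microsoft notice; it assumes the ExchangeOnlineManagement module is installed, and the policy name and recipient domain are hypothetical placeholders.

```powershell
# Added example, not from the Microsoft notice.
# Assumes the ExchangeOnlineManagement module and an account allowed to
# manage anti-malware policies.
Connect-ExchangeOnline

# Audit: show the common attachment filter state and action on every
# anti-malware policy, so the effect of the rollout is visible.
Get-MalwareFilterPolicy |
    Select-Object Name, EnableFileFilter, FileTypeAction |
    Format-Table -AutoSize

# Choose ONE of the two options described in the notice.
$UseCustomPolicy = $false

if (-not $UseCustomPolicy) {
    # Option 1: revert the Default policy to quarantine after the rollout.
    $default = Get-MalwareFilterPolicy -Identity 'Default'
    if ($default.EnableFileFilter -and $default.FileTypeAction -ne 'Quarantine') {
        Set-MalwareFilterPolicy -Identity 'Default' -FileTypeAction Quarantine
    }
}
else {
    # Option 2: leave the Default policy alone and create a custom policy
    # that quarantines, scoped to recipients by a rule.
    $policyName = 'Quarantine blocked attachments'   # hypothetical name
    $domain     = 'contoso.com'                      # placeholder domain

    $existing = Get-MalwareFilterPolicy -Identity $policyName -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-MalwareFilterPolicy -Name $policyName `
            -EnableFileFilter $true `
            -FileTypeAction Quarantine

        # A custom policy only applies where a rule assigns it.
        New-MalwareFilterRule -Name $policyName `
            -MalwareFilterPolicy $policyName `
            -RecipientDomainIs $domain
    }
}

# Verify the result.
Get-MalwareFilterPolicy | Select-Object Name, EnableFileFilter, FileTypeAction
```

Custom policies take precedence over the Default policy for the recipients their rule covers, so Option 2 keeps quarantine behaviour for those recipients regardless of later changes to the Default policy.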