Teams Security Baselines: Malware Scanning
Spending 10 minutes or less will help your M365 environment be a little more secure
In Oct. 2022, CISA released a document called Microsoft Teams: M365 Minimum Viable Secure Configuration Baseline. This document outlines 13 steps to take to raise your Microsoft Teams environment to a minimum viable security posture. In this series, we’ll take a look at these 13 steps over a series of articles.
Baseline 12: Malware Scanning
This baseline reads “Attachments SHOULD Be Scanned for Malware.”
What is it?
To prevent the spread of malware, attachments should be scanned for malware, and attachments that are positive for malicious activity should be redirected to an internal account for investigation. This scanning should happen for SharePoint, OneDrive, and Teams.
Why is it bad?
Malware is dangerous to information systems and should be prevented when possible.
What should you know before enforcement?
This feature requires Defender for Office 365 Plan 1 or 2. These are included with E5/A5/G5 and are available as add-ons for E3/A3/G3.
How do you enforce it?
Login to Microsoft Defender at security.microsoft.com —> Email and collaboration —> Policies and Rules. Navigate to Threat Policies —> Safe Attachments —> Global Settings. Then toggle on “Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams.”
Resources
Defender for Office 365 Minimum Viable Secure Configuration Baseline (cisa.gov)
Note: The articles in the Security Baselines series aren’t being sent via the subscriber emails. Once the series is complete, I’ll be publishing a single article with links to all of the articles in the series.