Microsoft has rolled out its Safe Documents feature for all Microsoft 365 customers in a bid to boost enterprise security by verifying untrusted files when they’re opened by a user.
When enabled by an administrator, the feature will automatically scan documents for any threats after the file is opened in Protected View. This is an additional step in which the file is uploaded and scanned by Microsoft Defender ATP.
Safe Documents essentially brings the power of the firm’s enterprise security platform Intelligent Security Graph to the desktop, with access to a live dataset of billions of data points that combine to form massive security-centric datasets.
The feature has been rolled out to rectify the limitations of Protected View, which is currently in play for all Microsoft 365 users. When opening documents received from external sources, the company suggested, people often exit the Protected View sandbox without considering whether the document is safe.
Safe Documents was initially previewed in February 2020, when it was touted as a means of automating a crucial phase in the security of opening documents, one that may often be overlooked if the decision is left in the hands of the individual user.
“While a scan is in progress, Safe Documents will prevent users from exiting the Protected View container,” Microsoft’s security employee Kenny Shi said. “Users are still able to access and read the document during this process but will be unable to make any edits until the scan has completed.
“Once the file has been successfully scanned, users will be able to leave the Protected View container with confidence that their file is safe.”
If the file being scanned is identified as being malicious, users will be prevented from leaving Protected View entirely, with administrators able to decide whether users can bypass and ‘enable editing’ for malicious files using the Admin portal.
In addition to the added security features, IT admins will be given access to an Advanced Hunting feature to get additional analytical information on users.
Safe Documents is turned off by default, with security administrators able to activate the feature by navigating to the Security and Compliance centre within Microsoft 365. Organisations will need a Microsoft 365 E5 Security license in order to use the feature.