Safe Documents in Office 365 Advanced Threat Protection

Safe Documents is a feature in Office 365 Advanced Threat Protection (ATP) that uses Microsoft Defender Advanced Threat Protection to scan documents and files that are opened in Protected View.

What do you need to know before you begin?

Use the Office 365 Security & Compliance Center to configure Safe Documents

  1. Open the Office 365 Security & Compliance Center at https://protection.office.com.

  2. Go to Threat management > Policy > ATP Safe Attachments.

  3. In the Help people stay safe when trusting a file to open outside Protected View in Office applications section, configure either of the following settings:

    • Turn on Safe Documents for Office clients (Files will also be sent to Microsoft Cloud for deep analyses)

    • Allow people to click through Protected View even if Safe Documents identifies the file as malicious: We recommend that you don't enable this option.

  4. When you're finished, click Save.

ATP Safe attachments page

Use Exchange Online PowerShell or Exchange Online Protection PowerShell to configure Safe Documents

Use the following syntax:

Set-AtpPolicyForO365 -EnableSafeDocs <$true|$false> -AllowSafeDocsOpen <$true|$false>
  • The EnableSafeDocs parameter enables or disables Safe Documents for the entire organization.

  • The AllowSafeDocsOpen parameter allows or prevents users from leaving Protected View (that is, opening the document) if the document has been identified as malicious.

This example enables Safe Documents for the entire organization, and prevents users from opening documents that have been identified as malicious from Protected View.

Set-AtpPolicyForO365 -EnableSafeDocs $true -AllowSafeDocsOpen $false

For detailed syntax and parameter information, see Set-AtpPolicyForO365.

How do I know this worked?

To verify that you've enabled and configured Safe Documents, do any of the following steps:

  • In the Security & Compliance Center go to Threat management > Policy > ATP Safe Attachments, and verify the selections in the Help people stay safe when trusting a file to open outside Protected View in Office applications section.

  • Run the following command in Exchange Online PowerShell and verify the property values:

    Get-AtpPolicyForO365 | Format-List *SafeDocs*