Create an Office 365 Safe Attachments Policy and Safe Attachment Rule using PowerShell
Before you can create the Safe Attachments policy and Safe Attachment rule, you need a connection to Exchange Online Protection (EOP).
To establish the connection, first capture your credentials and then create a remote session:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Then import the new session:
Import-PSSession $Session -DisableNameChecking
Now that a connection to EOP has been established, let’s start by creating the Safe Attachments policy.
The new policy will do the following:
- The policy is enabled.
- The action is Replace. Note: the default value of the Action parameter is Block, so if you want to block you don’t have to specify the Action parameter.
- If Safe Attachments scanning isn’t available or encounters errors, deliver the message as normal. The default value of the ActionOnError parameter is $false, so you don’t need to specify it.
- Redirect detected malware messages to secure@thatlazyadmin.com.
New-SafeAttachmentPolicy -Name "Accounts Replace Attachments" -Enable $true -Action Replace -Redirect $true -RedirectAddress secure@thatlazyadmin.com
A Safe Attachments policy is only applied to recipients through a rule, so the next step is to create a Safe Attachment rule that references the new policy.
The new Safe Attachment rule will do the following:
- The rule is associated with the Safe Attachments policy named Accounts Replace Attachments.
- The rule applies to members of the group named Accounts.
- The rule doesn’t apply to members of the group named Accounts Department Managers.
New-SafeAttachmentRule -Name "Accounts Replace Attachment Rule" -SafeAttachmentPolicy "Accounts Replace Attachments" -SentToMemberOf "Accounts" -ExceptIfSentToMemberOf "Accounts Department Managers"
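A check you can run after creating both objects, as an added example that is not part of the original post: it audits a policy/rule pair for the settings described above (exact policy name match, enabled state, redirect mailbox, fail-open scanning, excluded groups). The function name `Test-SafeAttachmentConfig` is hypothetical, the sample objects are constructed, and the property names are assumed to mirror the parameters of the `New-*` cmdlets.

```powershell
# Added example (not from the original post). Audits a Safe Attachments policy/rule pair.
# Assumption: the objects expose properties named like the New-* cmdlet parameters.
function Test-SafeAttachmentConfig {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Policy,
        [Parameter(Mandatory)] $Rule
    )
    $findings = @()
    # A rule only enforces the policy it references by its exact name.
    if ($Rule.SafeAttachmentPolicy -ne $Policy.Name) {
        $findings += "Rule '$($Rule.Name)' references '$($Rule.SafeAttachmentPolicy)', not '$($Policy.Name)'"
    }
    if (-not $Policy.Enable) {
        $findings += "Policy '$($Policy.Name)' is not enabled"
    }
    # Redirect without a mailbox leaves detected messages with no reviewer.
    if ($Policy.Redirect -and [string]::IsNullOrWhiteSpace($Policy.RedirectAddress)) {
        $findings += "Redirect is on but RedirectAddress is empty"
    }
    # ActionOnError = $false means messages are delivered as normal when scanning fails.
    if (-not $Policy.ActionOnError) {
        $findings += "ActionOnError is false: messages are delivered unscanned if scanning errors out"
    }
    # Members of exception groups get no Safe Attachments action from this rule.
    foreach ($group in @($Rule.ExceptIfSentToMemberOf)) {
        if ($group) { $findings += "Group '$group' is excluded from the rule" }
    }
    return $findings
}

# Constructed sample objects; the rule's policy name is deliberately one character short.
$policy = [pscustomobject]@{
    Name = 'Accounts Replace Attachments'; Enable = $true; Action = 'Replace'
    Redirect = $true; RedirectAddress = 'secure@thatlazyadmin.com'; ActionOnError = $false
}
$rule = [pscustomobject]@{
    Name = 'Accounts Replace Attachment Rule'
    SafeAttachmentPolicy = 'Accounts Replace Attachment'
    SentToMemberOf = @('Accounts'); ExceptIfSentToMemberOf = @('Accounts Department Managers')
}

Test-SafeAttachmentConfig -Policy $policy -Rule $rule

# Against a live tenant, after Import-PSSession:
# Test-SafeAttachmentConfig -Policy (Get-SafeAttachmentPolicy -Identity 'Accounts Replace Attachments') `
#     -Rule (Get-SafeAttachmentRule -Identity 'Accounts Replace Attachment Rule')
```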