You can modify the default list by selecting Customize file types.Įnable zero-hour auto purge for malware: If you select this option, ZAP quarantines malware messages that have already been delivered. On the Protection settings page that appears, configure the following settings:Įnable the common attachments filter: If you select this option, messages with the specified attachments are treated as malware and are automatically quarantined. The settings and behavior are exactly like the conditions. Exclude these users, groups, and domains: To add exceptions for the internal recipients that the policy applies to (recpient exceptions), select this option and configure the exceptions.Different conditions use AND logic (for example, and ). Multiple values in the same condition use OR logic (for example, or ). For users, enter an asterisk (*) by itself to see all available values. To remove an existing value, click remove next to the value.įor users or groups, you can use most identifiers (name, display name, alias, email address, account name, etc.), but the corresponding display name is shown in the results. Repeat this process as many times as necessary. Domains: All recipients in the specified accepted domains in your organization.Ĭlick in the appropriate box, start typing a value, and select the value that you want from the results.Groups: The specified distribution groups, mail-enabled security groups, or Microsoft 365 Groups in your organization.Users: The specified mailboxes, mail users, or mail contacts in your organization.On the Users and domains page that appears, identify the internal recipients that the policy applies to (recipient conditions): Description: Enter an optional description for the policy.Name: Enter a unique, descriptive name for the policy.On the Name your policy page, configure these settings: In the Microsoft 365 Defender portal, go to Email & Collaboration > Policies & Rules > Threat policies > Anti-Malware in the Policies section. Use the Microsoft 365 Defender portal to create anti-malware policiesĬreating a custom anti-malware policy in the Microsoft 365 Defender portal creates the malware filter rule and the associated malware filter policy at the same time using the same name for both.
The View-Only Organization Management role group in Exchange Online also gives read-only access to the feature.įor our recommended settings for anti-malware policies, see EOP anti-malware policy settings.For more information, see About admin roles. Adding users to the corresponding Azure Active Directory role in the Microsoft 365 admin center gives users the required permissions and permissions for other features in Microsoft 365.For read-only access to anti-malware policies, you need to be a member of the Global Reader or Security Reader role groups.įor more information, see Permissions in Exchange Online.To add, modify, and delete anti-malware policies, you need to be a member of the Organization Management or Security Administrator role groups.You need to be assigned permissions in Exchange Online before you can do the procedures in this article: To connect to standalone EOP PowerShell, see Connect to Exchange Online Protection PowerShell. To connect to Exchange Online PowerShell, see Connect to Exchange Online PowerShell. To go directly to the Anti-malware page, use. You open the Microsoft 365 Defender portal at. What do you need to know before you begin? You can configure anti-malware policies in the Microsoft 365 Defender portal or in PowerShell (Exchange Online PowerShell for Microsoft 365 organizations with mailboxes in Exchange Online standalone EOP PowerShell for organizations without Exchange Online mailboxes). Custom policies always take precedence over the default policy, but you can change the priority (running order) of your custom policies. For greater granularity, you can also create custom anti-malware policies that apply to specific users, groups, or domains in your organization. For more information, see Anti-malware protection.Īdmins can view, edit, and configure (but not delete) the default anti-malware policy to meet the needs of their organizations. EOP uses anti-malware policies for malware protection settings. In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, email messages are automatically protected against malware by EOP. Microsoft Defender for Office 365 plan 1 and plan 2.This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. The improved Microsoft 365 Defender portal is now available.