CISA.MS.EXO.15.2 - Direct download links SHOULD be scanned for malware.
Overview
Direct download links SHOULD be scanned for malware.
Rationale: URLs in emails may direct users to download and run malware. Scanning direct download links in real-time for known malware and blocking access can prevent users from infecting their devices.
Remediation action:
- Sign in to Microsoft 365 Defender.
- In the left-hand menu, go to Email & Collaboration > Policies & Rules.
- Select Threat Policies.
- From the Templated policies section, select Preset Security Policies.
- Under either Standard protection or Strict protection, select Manage protection settings.
- Select Next until you reach the Apply Defender for Office 365 protection page.
- On the Apply Defender for Office 365 protection page, select All recipients.
- (Optional) Under Exclude these recipients, add Users and Groups to be exempted from the preset policies.
- Select Next on each page until the Review and confirm your changes page.
- On the Review and confirm your changes page, select Confirm.
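To confirm the result from Exchange Online PowerShell after these steps, the following added example (not Maester's or CISA's own code) evaluates the preset policy rules and their linked Safe Links policies. The function name and sample objects are constructed, and it is an assumption of this example that `EnableSafeLinksForEmail` and `ScanUrls` are the Safe Links settings this control depends on.

```powershell
# Added example. Function name and sample objects are constructed for illustration.
# Live input (after Connect-ExchangeOnline):
#   Test-SafeLinksDownloadScan -Rule (Get-ATPProtectionPolicyRule) -Policy (Get-SafeLinksPolicy)
function Test-SafeLinksDownloadScan {
    param(
        [Parameter(Mandatory)] [object[]] $Rule,
        [Parameter(Mandatory)] [object[]] $Policy
    )
    foreach ($r in $Rule) {
        $findings = @()
        $p = $Policy | Where-Object { $_.Name -eq $r.SafeLinksPolicy } | Select-Object -First 1
        if ($r.State -ne 'Enabled') { $findings += 'preset rule is not enabled' }
        # "All recipients" leaves every recipient condition empty.
        if ($r.SentTo -or $r.SentToMemberOf -or $r.RecipientDomainIs) {
            $findings += 'rule is scoped to specific recipients'
        }
        if (-not $p) {
            $findings += 'linked Safe Links policy not found'
        } else {
            # Assumption: these two settings are what this control depends on.
            if (-not $p.EnableSafeLinksForEmail) { $findings += 'Safe Links for email is off' }
            if (-not $p.ScanUrls) { $findings += 'real-time URL scanning (ScanUrls) is off' }
        }
        # Exclusions are allowed by the optional step; list them for review.
        $excluded = @($r.ExceptIfSentTo) + @($r.ExceptIfSentToMemberOf) +
                    @($r.ExceptIfRecipientDomainIs) | Where-Object { $_ }
        [pscustomobject]@{
            Rule      = $r.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
            Excluded  = $excluded -join ', '
        }
    }
}

# Constructed sample data shaped like the cmdlet output, so the check runs offline.
$sampleRules = @(
    [pscustomobject]@{ Name = 'Standard Preset Security Policy'; State = 'Enabled'
        SafeLinksPolicy = 'Standard-SafeLinks-Sample'; ExceptIfSentTo = @('breakglass@example.com') }
    [pscustomobject]@{ Name = 'Strict Preset Security Policy'; State = 'Disabled'
        SafeLinksPolicy = 'Strict-SafeLinks-Sample'; SentTo = @('pilot@example.com') }
)
$samplePolicies = @(
    [pscustomobject]@{ Name = 'Standard-SafeLinks-Sample'; EnableSafeLinksForEmail = $true; ScanUrls = $true }
    [pscustomobject]@{ Name = 'Strict-SafeLinks-Sample'; EnableSafeLinksForEmail = $true; ScanUrls = $false }
)
Test-SafeLinksDownloadScan -Rule $sampleRules -Policy $samplePolicies | Format-List
```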
Related links
- Defender admin center - Preset security policies
- CISA 15 Link Protection - MS.EXO.15.2
- CISA ScubaGear Rego Reference
Test Metadata
| Field | Value |
|---|---|
| Test ID | CISA.MS.EXO.15.2 |
| Severity | High |
| Suite | CISA |
| Category | exchange |
| PowerShell test | Test-MtCisaSafeLinkDownloadScan |
| Tags | CISA, CISA.MS.EXO.15.2, MS.EXO, MS.EXO.15.2 |
Source
- Pester test: tests/cisa/exchange/Test-MtCisaSafeLinkDownloadScan.Tests.ps1
- PowerShell source: powershell/public/cisa/exchange/Test-MtCisaSafeLinkDownloadScan.ps1