CISA.MS.EXO.9.4 - Alternatively chosen filtering solutions SHOULD offer services comparable to Microsoft Defender's Common Attachment Filter.
Overview
Alternatively chosen filtering solutions SHOULD offer services comparable to Microsoft Defender's Common Attachment Filter.
Rationale: Malicious attachments often take the form of click-to-run files. Sharing high risk file types, when necessary, is better left to a means other than email; the dangers of allowing them to be sent over email outweigh any potential benefits. Filtering email attachments based on file types can prevent spread of malware distributed via click-to-run email attachments.
Note: This test will always result in a skip result.
Remediation action:
1. Sign in to Microsoft 365 Defender.
2. In the left-hand menu, go to Email & Collaboration > Policies & Rules.
3. Select Threat Policies.
4. From the Templated policies section, select Preset Security Policies.
5. Under Standard protection, slide the toggle switch to the right so the text next to the toggle reads Standard protection is on.
6. Under Strict protection, slide the toggle switch to the right so the text next to the toggle reads Strict protection is on.
Note: If the toggle slider in step 5 is grayed out, click on Manage protection settings instead and configure the policy settings according to "Use the Microsoft 365 Defender portal to assign Standard and Strict preset security policies to users" (Microsoft Learn).
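To confirm the result of the steps above from PowerShell rather than the portal, the following added example (not part of Maester or ScubaGear) evaluates the rule objects that `Get-EOPProtectionPolicyRule` returns. The function name `Test-PresetPolicyState` is hypothetical, and the sample rule objects are constructed so the block runs without a tenant connection.

```powershell
# Added example; Test-PresetPolicyState is a hypothetical helper, not Maester code.
function Test-PresetPolicyState {
    [CmdletBinding()]
    param(
        # Rule objects as returned by Get-EOPProtectionPolicyRule.
        # Only the Name and State properties are read.
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [object[]]$Rule
    )

    $expected = 'Standard Preset Security Policy', 'Strict Preset Security Policy'

    foreach ($name in $expected) {
        $found = $Rule | Where-Object { $_.Name -eq $name } | Select-Object -First 1

        # A preset that has never been turned on may have no rule object yet,
        # so a missing rule is reported separately from a disabled one.
        $state = if ($null -eq $found) { 'Missing' } else { [string]$found.State }

        [pscustomobject]@{
            Policy = $name
            State  = $state
            Pass   = ($state -eq 'Enabled')
        }
    }
}

# Constructed sample input: Standard is on, Strict exists but is switched off.
$sampleRules = @(
    [pscustomobject]@{ Name = 'Standard Preset Security Policy'; State = 'Enabled' }
    [pscustomobject]@{ Name = 'Strict Preset Security Policy';   State = 'Disabled' }
)

Test-PresetPolicyState -Rule $sampleRules | Format-Table -AutoSize

# Against a live tenant (requires an Exchange Online PowerShell session):
#   Test-PresetPolicyState -Rule @(Get-EOPProtectionPolicyRule)
```

With the sample input, the Standard row passes and the Strict row fails with State `Disabled`, which corresponds to the toggle in step 6 still being off.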
Related links
- Defender admin center - Preset security policies
- CISA 9 Attachment File Type - MS.EXO.9.4v1
- CISA ScubaGear Rego Reference
Test Metadata
| Field | Value |
|---|---|
| Test ID | CISA.MS.EXO.9.4 |
| Severity | Medium |
| Suite | CISA |
| Category | exchange |
| PowerShell test | Test-MtCisaEmailFilterAlternative |
| Tags | CISA, CISA.MS.EXO.9.4, MS.EXO, MS.EXO.9.4 |
Source
- Pester test: tests/cisa/exchange/Test-MtCisaEmailFilterAlternative.Tests.ps1
- PowerShell source: powershell/public/cisa/exchange/Test-MtCisaEmailFilterAlternative.ps1