Microsoft has announced the general availability of Safe Documents, a new security feature inside Microsoft 365 applications including World, Excel, and PowerPoint. The Safe Documents feature promises to safeguard enterprise users against untrusted files or documents.
Safe Documents now generally available
Safe Documents is built on top of the existing Protected View feature, a read-only mode where most editing functions are disabled. But how is Safe Documents different or better than Protected View, you ask?
According to Microsoft, the Safe Documents functionality improves the existing Protected View experience. But first, we need to understand what the Protected View feature is all about.
Protected View defends users against Office documents originating outside the organization.
But more often than not, people blind assume the document is safe and exit the protection sandbox without giving it a second thought. This is where Safe Documents comes into play.
“Safe Documents takes away the guesswork by automatically verifying the document against the latest known risks and threat profiles before allowing users to leave the Protected View container,” said Microsoft.
How the Safe Documents works
The Microsoft Intelligent Security Graph essentially brought Safe Documents to the desktop. In a nutshell, Safe Documents acts like an additional filter that calls Microsoft Defender Advanced Threat Protection (ATP) to upload and scan untrusted files opened in Protected View.
While Microsoft Defender ATP checks for potential threats, the Safe Documents feature will limit users’ ability to exit the Protected View container. Although users can access and read files and documents when the security assessment is in progress, users cannot make any edits until the security scan has completed.
“Once the file has been successfully scanned, users will be able to leave the Protected View container with confidence that their file is safe.”
In case Microsoft Defender ATP detects something harmful or malicious in an unprotected document originating outside the organization, users will be blocked from leaving the Protected View container even after the scan has completed. In that case, admins can configure whether users can bypass and ‘Enable Editing’ for malicious scenarios in the Admin portal.
How to enable Safe Documents
Safe Documents is not enabled by default. Security admins can enable this additional layer of protection if necessary. To enable Safe Documents, admins can navigate to Threat Management > Policy > ATP Safe Attachments under Security & Compliance Center.
