Office 365 Users Get Automated Protection From Malicious Docs

Microsoft announced that a new security feature dubbed Safe Documents will be available in private preview for Office 365 ProPlus customers starting today.

Safe Documents, now available in private preview for Microsoft 365 E5 and E5 Security customers, is designed to automatically check Microsoft Office documents against known threat profiles and risks before allowing the users to open them.

Safe Documents is an Office 365 Advanced Threat Protection (ATP) feature that uses Microsoft Defender Advanced Threat Protection to automatically scan documents opened in Protected View.

“Users are not asked to decide on their own whether a document can be trusted; they can simply focus on the work to be done,” Microsoft explains.

“This seamless connection between the desktop and the cloud both simplifies the user workflow and helps to keep the network more secure.”

To configure Safe Documents, you have to use the Office 365 Security & Compliance Center as detailed here. Safe Documents will be rolling out in stages, to be initially available for tenants from the U.S., the U.K., and the European Union.

Private preview for Application Guard expands to more tenants

Application Guard was first introduced three years ago by Microsoft in the Edge browser as the Windows Defender Application Guard for users of Windows 10 Enterprise and Education.

In November 2019, Application Guard was also made available as Microsoft Office Application Guard as part of a public limited preview for Office 365 ProPlus. The feature allows users to open attachments within a virtualized container that protects Windows installation from exploits and malicious macros.

Today, Microsoft announced that it is significantly expanding its private preview to become generally available during the summer of 2020.

Application Guard allows Office users to defend against potentially malicious files originating from the internet, from unsafe locations, and Outlook attachments.

Microsoft Office Application Guard indicator (Microsoft)

“Application Guard’s enforcement – with a new instance of Windows 10 and separate copy of the kernel – completely blocks access to memory, local storage, installed applications, corporate network endpoints, or any other resources of interest to the attacker,” Microsoft explains.

“That means Office users will be able to open an untrusted Word, Excel, or PowerPoint file in a virtualized container. Users can stay productive – make edits, print, and save changes – all while protected with hardware-level security.”

Office 365 will automatically use Application Guard to isolate untrusted documents if all the following conditions are met otherwise it switches to Protected View:

• Application Guard is enabled in Windows. This can be enabled by either an administrator deploying policy or the user.
• The user is using an Office 365 ProPlus client.
• The user signed in to Office is licensed for Application Guard. Application Guard for Office will require either a Microsoft 365 E5 or Microsoft 365 E5 Security license.

According to Microsoft’s announcement, “both Safe Documents and Application Guard connect to the Microsoft Security Center, providing admins with advanced visibility and response capabilities including alerts, logs, confirmation the attack was contained, and the ability to see and act on similar threats across the enterprise.”

The Safe Documents and Application Guard Office 365 ProPlus features seamlessly integrate with Windows 10, Office 365 ProPlus, and Microsoft Defender Advanced Threat Protection, and they will be available to Microsoft 365 E5 and E5 Security customers in the U.S., U.K., and European Union.