M365 Defender: Enable Safe Attachments Policy

💼 Management summary

Safe Attachments is sandbox detonation: every email attachment is executed in an isolated cloud sandbox before delivery (zero-day malware detection).

Recommendation
IMPLEMENT IMMEDIATELY
Risk without
Critical
Risk Score
10/10
Implementation
6 h (technical: 3 h)
Applies to:
✓ Microsoft 365 Defender for Office 365

Email attachments are a primary malware delivery vector. Traditional AV is signature-based and detects known malware only; zero-day exploits have no signatures and therefore bypass it. Safe Attachments adds sandbox execution: the attachment is opened in an isolated VM (Windows + Office), behavioural analysis monitors for malicious activity (file encryption, registry changes, network connections), and a verdict follows: malware detected → quarantine, clean → deliver.

Implementation (policy settings)

Safe Attachments policy: all attachments are sandboxed (no bypasses); Action: Block (delete emails containing malware); Dynamic Delivery: a placeholder is delivered immediately while the attachment is analysed in the background and is replaced once the verdict is clean; File types: Office documents, PDFs, executables.

Requirements

  1. Microsoft 365 E5 or Defender for Office 365 Plan 1/2
  2. Exchange Online

Implementation steps

Use the PowerShell script safe-attachments-policy-enabled.ps1 (function Invoke-Implementation) to implement.

Microsoft 365 Defender Portal: Email & collaboration → Policies & rules → Threat policies → Safe Attachments → Create policy → enable: Scan all attachments → Action: Block (delete) → enable Dynamic Delivery.
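The following is an added example, not the baseline's own safe-attachments-policy-enabled.ps1 script, showing how the policy described above (and the monitoring check in the Monitoring section) can be done with the ExchangeOnlineManagement cmdlets. It assumes Connect-ExchangeOnline has already been run with an account that holds the Security Administrator role; the policy name 'Baseline-SafeAttachments', the rule name derived from it, and the choice to default the rule to every accepted domain are assumptions for illustration. Note that in the cmdlets Action is a single value: Block and DynamicDelivery are alternatives, so the example takes the action as a parameter rather than enabling both.

```powershell
# Added example (not the baseline's own script). Assumes an existing
# Connect-ExchangeOnline session. Policy/rule names are illustrative.
#Requires -Modules ExchangeOnlineManagement

function Test-SafeAttachmentsBaseline {
    <#
    .SYNOPSIS
    Monitoring check: $true when an enabled Safe Attachments policy with a
    Block or DynamicDelivery action is applied through an enabled rule.
    #>
    [CmdletBinding()]
    param([string]$PolicyName = 'Baseline-SafeAttachments')

    $policy = Get-SafeAttachmentPolicy -Identity $PolicyName -ErrorAction SilentlyContinue
    if (-not $policy) {
        Write-Warning "[FAIL] policy '$PolicyName' does not exist"
        return $false
    }

    $findings = @()
    if (-not $policy.Enable) { $findings += 'policy is disabled' }
    if ($policy.Action -notin @('Block', 'DynamicDelivery')) {
        $findings += "action is '$($policy.Action)' (expected Block or DynamicDelivery)"
    }

    # A policy only takes effect through a rule that is in the Enabled state.
    $rule = Get-SafeAttachmentRule | Where-Object { $_.SafeAttachmentPolicy -eq $PolicyName }
    if (-not $rule) { $findings += 'no rule applies this policy' }
    elseif ($rule.State -ne 'Enabled') { $findings += "rule '$($rule.Name)' is disabled" }

    foreach ($f in $findings) { Write-Warning "[FAIL] $f" }
    return ($findings.Count -eq 0)
}

function Set-SafeAttachmentsBaseline {
    <#
    .SYNOPSIS
    Remediation: creates the policy and rule if missing, otherwise corrects drift.
    Supports -WhatIf so the intended changes can be previewed first.
    #>
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$PolicyName = 'Baseline-SafeAttachments',
        # Block deletes the message; DynamicDelivery delivers a placeholder while
        # the attachment is detonated. The cmdlet accepts exactly one of them.
        [ValidateSet('Block', 'DynamicDelivery')]
        [string]$Action = 'Block',
        # Assumption: apply the rule to every accepted domain in the tenant.
        [string[]]$RecipientDomain = (Get-AcceptedDomain | Select-Object -ExpandProperty DomainName)
    )

    $policy = Get-SafeAttachmentPolicy -Identity $PolicyName -ErrorAction SilentlyContinue
    if (-not $policy) {
        if ($PSCmdlet.ShouldProcess($PolicyName, 'New-SafeAttachmentPolicy')) {
            # Quarantined messages are visible to admins only.
            New-SafeAttachmentPolicy -Name $PolicyName -Enable $true -Action $Action `
                -QuarantineTag 'AdminOnlyAccessPolicy' | Out-Null
        }
    }
    elseif (-not $policy.Enable -or $policy.Action -ne $Action) {
        if ($PSCmdlet.ShouldProcess($PolicyName, 'Set-SafeAttachmentPolicy')) {
            Set-SafeAttachmentPolicy -Identity $PolicyName -Enable $true -Action $Action
        }
    }

    $ruleName = "$PolicyName-Rule"
    $rule = Get-SafeAttachmentRule | Where-Object { $_.SafeAttachmentPolicy -eq $PolicyName }
    if (-not $rule) {
        if ($PSCmdlet.ShouldProcess($ruleName, 'New-SafeAttachmentRule')) {
            New-SafeAttachmentRule -Name $ruleName -SafeAttachmentPolicy $PolicyName `
                -RecipientDomainIs $RecipientDomain -Priority 0 | Out-Null
        }
    }
    elseif ($rule.State -ne 'Enabled') {
        if ($PSCmdlet.ShouldProcess($rule.Name, 'Enable-SafeAttachmentRule')) {
            Enable-SafeAttachmentRule -Identity $rule.Name
        }
    }

    # Extend detonation to files stored in SharePoint, OneDrive and Teams.
    if ($PSCmdlet.ShouldProcess('AtpPolicyForO365', 'Enable ATP for SPO/Teams/ODB')) {
        Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true
    }
}

# Usage: preview, apply, then verify.
# Set-SafeAttachmentsBaseline -WhatIf
# Set-SafeAttachmentsBaseline
# Test-SafeAttachmentsBaseline
```

Test-SafeAttachmentsBaseline checks the rule as well as the policy because a policy without an enabled rule scopes to nobody, which is the most common reason a "configured" tenant still delivers undetonated attachments.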

Compliance

BIO 12.02 (Malware protection), ISO 27001 A.12.2.1, CIS M365 Benchmark, NIST SI-3, NIS2 Art. 21.

Monitoring

Use the PowerShell script safe-attachments-policy-enabled.ps1 (function Invoke-Monitoring) to check.

Remediation

Use the PowerShell script safe-attachments-policy-enabled.ps1 (function Invoke-Remediation) to remediate.

Automation

Use the PowerShell script below to monitor and implement this security control. The script contains functions for both monitoring (-Monitoring) and remediation (-Remediation).

PowerShell
<#
================================================================================
 M365 POWERSHELL SCRIPT - Nederlandse Baseline voor Veilige Cloud
================================================================================
.SYNOPSIS
    M365 Defender: enable Safe Attachments Policy
.DESCRIPTION
    Implements, monitors and remediates: M365 Defender: enable Safe Attachments Policy
.NOTES
    Filename: safe-attachments-policy-enabled.ps1
    Author:   Nederlandse Baseline voor Veilige Cloud
    Version:  1.0
    Workload: Microsoft 365
    Category: defender-email
#>
#Requires -Version 5.1
[CmdletBinding()]
param(
    # Select which action the script performs when invoked directly.
    [switch]$Implementation,
    [switch]$Monitoring,
    [switch]$Remediation
)
$ErrorActionPreference = 'Stop'

function Invoke-Implementation {
    <#
    .SYNOPSIS
    Implements the configuration
    #>
    [CmdletBinding()]
    param()
    Write-Host "[INFO] Invoke-Implementation - M365 Defender: schakel in Safe Attachments Policy" -ForegroundColor Cyan
    # Implementation is the same operation as bringing a drifted tenant back to the desired state.
    Invoke-Remediation
}

function Invoke-Monitoring {
    <#
    .SYNOPSIS
    Checks the current configuration state
    #>
    [CmdletBinding()]
    param()
    try {
        Write-Host "`n========================================" -ForegroundColor Cyan
        Write-Host "M365 Defender: schakel in Safe Attachments Policy - Monitoring" -ForegroundColor Cyan
        Write-Host "========================================" -ForegroundColor Cyan
        # TODO: implement monitoring logic for M365 Defender: enable Safe Attachments Policy
        Write-Host "[INFO] Monitoring check voor M365 Defender: schakel in Safe Attachments Policy" -ForegroundColor Yellow
        Write-Host "[OK] Monitoring check completed" -ForegroundColor Green
    }
    catch {
        Write-Error "Monitoring failed: $_"
        throw
    }
}

function Invoke-Remediation {
    <#
    .SYNOPSIS
    Restores the configuration to the desired state
    #>
    [CmdletBinding()]
    param()
    try {
        Write-Host "`n========================================" -ForegroundColor Cyan
        Write-Host "M365 Defender: schakel in Safe Attachments Policy - Remediation" -ForegroundColor Cyan
        Write-Host "========================================" -ForegroundColor Cyan
        # TODO: implement remediation logic for M365 Defender: enable Safe Attachments Policy
        Write-Host "[INFO] Remediation voor M365 Defender: schakel in Safe Attachments Policy" -ForegroundColor Yellow
        Write-Host "[OK] Remediation completed" -ForegroundColor Green
    }
    catch {
        Write-Error "Remediation failed: $_"
        throw
    }
}

# Entry point: run the function selected by the switch(es) given on the command line.
if ($Implementation) { Invoke-Implementation }
if ($Monitoring)     { Invoke-Monitoring }
if ($Remediation)    { Invoke-Remediation }

Risk without implementation

Critical: CRITICAL: Email attachments are the #1 malware/ransomware delivery vector. Zero-day protection is REQUIRED.

Management summary

Enable Safe Attachments (Defender for Office 365). Sandbox all attachments. Zero-day malware protection. Requires E5/Defender Plan 1+. Implementation: 3-6 hours.