Mar 20 2017
04:25 AM
- last edited on
Feb 19 2021
04:47 AM
by
TechCommunityAP
Mar 20 2017
04:25 AM
- last edited on
Feb 19 2021
04:47 AM
by
TechCommunityAP
Hi, could somepone point to a full documentation about the different safe attachments policy modes (monitor, block, replace, dynamic delivery)?
Unfortunately the text links (learn more ...) in the configure policy windows do not work.
Monitor - Continue delivering the message after malware is detected; track scan results.
Block - Block the current and future emails and attachments with detected malware.
Replace - Block the attachments with detected malware, continue to deliver the message.
Dynamic Delivery - Deliver the message without attachments immediately and reattach once scan is complete.
I've tried out dynamic delivery, but my users are unappreciative of the fact that the message gets delivered first, before the attachment is fully scanned.
So I've just switched to "replace" for now and keep the in the dark about new emails, until is fully scanned.
What does block mean technically? What is considered as future emails?
Mar 20 2017 12:22 PM
SolutionBlocked means the entire message is scrapped, not just the attachment. Future emails is a bit dodgy, I guess they mean that once the attachment is stamped as malware, the action applies across the service. Pretty much what's described in this FAQ item:
Taken from: https://technet.microsoft.com/en-us/library/mt789012(v=exchg.150).aspx
And documentation seems to be non-existing indeed. Flagging some folks on MS side that might be able to help: @Jon Orton @Ankur Kothari
Jan 18 2023 08:38 AM - edited Jan 18 2023 08:39 AM
Could someone explain why Block is better, or the recommended default, than Dynamic Delivery? The end result sounds the same to me, except that Dynamic Delivery seems like it would work better in an enterprise setting. For example, with Dynamic Delivery, we'll know that Microsoft blocked certain attachments because the user still gets the email, but with Block, we'll never know if an important email in the queue was blocked.
Jan 31 2023 02:31 AM
Mar 20 2017 12:22 PM
SolutionBlocked means the entire message is scrapped, not just the attachment. Future emails is a bit dodgy, I guess they mean that once the attachment is stamped as malware, the action applies across the service. Pretty much what's described in this FAQ item:
Taken from: https://technet.microsoft.com/en-us/library/mt789012(v=exchg.150).aspx
And documentation seems to be non-existing indeed. Flagging some folks on MS side that might be able to help: @Jon Orton @Ankur Kothari