> For the complete documentation index, see [llms.txt](https://docs.tminus365.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.tminus365.com/security/teams/attachments-should-be-scanned-for-malware.md).

# Attachments SHOULD Be Scanned for Malware

## Description

Safe attachment protection policies from Defender for Office 365 should be enabled and configured for Teams. Attachments should be scanned in a sandbox for malware upon opening or downloading.

## Policy

* Attachments included with Teams messages SHOULD be scanned for malware. Users SHOULD be prevented from opening or downloading files detected as malware.

## Licensing Considerations

Safe Attachments can be configured with the Following plans

* Defender for Office 365 Plan 1/2
* Microsoft 365 Business Premium
* Office 365 E5/A5/G5
* Microsoft 365 E5/A5/G5
* Microsoft 365 E5/A5/G5 Information Protection and Governance
* Microsoft 365 E5/A5/G5/F5 Compliance and F5 Security & Compliance

## Set Up Instructions

Resources:

[Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams - Office 365 | Microsoft Learn](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-configure?view=o365-worldwide#use-exchange-online-powershell-to-turn-on-safe-attachments-for-sharepoint-onedrive-and-microsoft-teams)

To enable Safe Attachments for Teams follow the steps listed [here](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-configure?view=o365-worldwide#step-1-use-the-microsoft-365-defender-portal-to-turn-on-safe-attachments-for-sharepoint-onedrive-and-microsoft-teams)

## End-User Impact

{% hint style="info" %}
Level: <mark style="color:green;">Low</mark>
{% endhint %}

When safe attachments are enabled in Teams users will experience more latency for files to open as they are scanned. Users will get a prompt in Teams that lets them know the file is being scanned for malicious content.

{% hint style="info" %}
Tips

None Currently
{% endhint %}

## PowerShell Scripts

[Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams - Office 365 | Microsoft Learn](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-configure?view=o365-worldwide#use-exchange-online-powershell-to-turn-on-safe-attachments-for-sharepoint-onedrive-and-microsoft-teams)

## Videos

{% embed url="<https://www.youtube.com/watch?v=An7YLf_dfpk>" %}

{% embed url="<https://www.youtube.com/watch?v=JQM52r3ok8c>" %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.tminus365.com/security/teams/attachments-should-be-scanned-for-malware.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.