Office 365 Anti-Virus Settings
Want to save this blog for later? Download it now.
Microsoft’s Office 365 now allows you to manage your company’s anti-virus settings from directly within the Exchange Online Administration console. This is referred to as “Anti Malware protection”, as it blocks all kinds of Malware threats including viruses.
This article is the second in our series of articles about Office 365 Mail Protection settings. We encourage you to also read our articles on Office 365 Anti Spam settings and Email Connection Filtering for a complete picture of the mail protection provided by Office 365.
You can get a detailed report of how many malware, virus and spam messages are blocked by Exchange Online Protection within your Office 365 environment by signing up to our Office 365 reporting application.
How it works
Exchange Online Protection scans all email that enters and exits a mailbox. It does not scan emails that are already within a mailbox, as they have already been scanned. If an email is re-sent, replied to or forwarded it is re-scanned as it leaves the senders mailbox.
The messages are scanned against the latest version of the Virus and Malware definitions held by the server. The definitions are updated hourly and are provided to Microsoft under partnership by several different Anti Virus and Malware providers.
By default, messages that are suspected to contain a virus or malware are automatically deleted without notifying the sender or recipient. You can change this behavior using the instructions below.
If you suspect a piece of Malware or a virus has slipped through into a users mailbox, you can submit it to Microsoft and they will investigate if they need to update their definition files.
Customising the Anti-Malware settings
Unlike the previous version of Office 365 you can now manage and configure the Anti-Malware settings from directly within the Exchange Administrator Center.
If you are using a Small Business Office 365 subscription, you can access the Exchange Admin Center using this workaround.
Once you are there, click on the Protection link in the left hand Navigation Menu and select Malware Filter in the top menu.
To edit the Default Malware policy simply double click on it.
There isn’t a lot of customisation you can do with how Malware is detected and filtered, but you can modify the types of notifications that are sent out when an email containing a virus or malware is detected.
The options in the screenshot below can be modified to change the way that senders and recipients of messages containing malware are modified. The options are quite self explanatory.
Depending on the options you chose above, you can customise the notification emails using the section shown below. You have the choice to send a different malware notification email to either internal or external users.
Different Anti Virus settings for Different Groups of users
There may come a time when you have a group of users that have different notification requirements from the default. You can create an additional policy with different settings and apply it to users in a particular domain or security group.
To get started, click the + button in the Malware Filter section to create a new policy. Give it a name, description and select the actions you want. The types of notification settings are the same as the ones in the default policy above.
Now scroll down to the bottom and choose who this policy applies to. The options are:
The Recipient Is…: Using this option you can specify users directly that this policy will apply to. Useful if the director or CEO is complaining about SPAM and needs a custom setting!
The Recipient Domain Is…: This setting allows you to apply a custom spam policy to all recipients in the same domain.
The Recipient is a member of… This allows you to apply a policy to all members of an Exchange Online Security group, which is the option we have chosen in our example below.
These settings will now apply to the types of users you have specified in the last section.
If you found this blog post useful, and want to refer to it again, why not download it as a PDF?
Other posts in our Spam & Malware Series