DEMO: Configure Anti-Malware
Start course

This course shows how to set up Microsoft Defender for Microsoft 365 through a series of practical demonstrations from the Microsoft 365 platform. You will learn about some general cybersecurity practices before being shown how Microsoft Defender can help you implement them.

Learning Objectives

  • Understand how to protect against phishing, malware, and spam using Microsoft Defender
  • Learn about safe links and safe attachments and configure them
  • Learn how to enable zero-day malware protection

Intended Audience

This course is intended for those who wish to learn how to configure protection in Microsoft Defender for Office 365.


To get the most out of this course, you should have a basic understanding of Microsoft 365.


Hello and welcome back. In this demonstration here, we're gonna walk through the process of creating an anti-malware policy. Anti-malware policies are used to protect exchange online mailboxes from malware obviously.

On the screen here, I'm logged into my Office 365 security and compliance portal. So what we can do here is bounce down into policy under threat management, and then under policies here we have the anti-phishing safe attachments all this fun stuff and right here we have anti-malware.

Let's go ahead and select anti-malware and we can see, we already have a default policy here, but what we're gonna do is create a new policy. Now before we do this, I should point out that you need to be assigned permissions in exchange online, before you can create these policies. For example, you need to be a member of either organization management or security administrator to be able to do this. I'm already part of the organization management role group.

So what we'll do here is we'll click Create to begin the process. What we need to do here for our new policy is provide a name, a description here is optional. And then what we'll have to do is configure the malware detection response, some common attachments type filters, and then we'll have to configure our a Zero-hour Auto Purge settings, some notifications and then specify what this policy applies to or who it applies to, I should say. So we'll just call this policy, My Anti-Malware Policy. Go ahead and Next it here.

Now we can see here, what it's telling us is that if malware is detected in an attachment, the message gets quarantined and only an admin can release the message. However, if malware gets detected in the message body of an email, that message and all attachments are deleted regardless of which option we select here. And essentially what we're doing here is configuring who gets notifications. The default here is no, which means recipients are not notified that their messages are quarantined. So if Steve sends an email to Bill and that email to Bill gets quarantined, generally speaking, you wanna let at least Bill know that, hey, there was an email bound for you and it got quarantined but the fault here is to tell people no and that's more of a protection thing. You don't want people trying to chase down emails that have already been identified as suspected of being infected with malware.

And then you have a couple of different options here. You have a yes and then you use the default notification text and then yes, and you can create a custom notification text. We'll just leave this set at the default, No, for this demonstration here and we'll go ahead and click Next. And then here, this common attachment types filter allows us to enable a blocking of specific attachment types that might cause problems for us. 

Notice here, the default is on and we do have several attachment types that are already configured. If we click choose type here, we can see we already have 10 of them. And they're your typical suspects, vbs, vbe, exes, .reg files. Now, what I could do is just add another type here. And then from the list here, we can see all of the file types that are available. For this exercise will block .coms as well. So now we added. So we'll go ahead and click Done.

So now what this is going to do is block attachment types that include any of these extensions. So we'll go ahead and Next it. And then this Malware Zero-hour Auto Purge setting, what this does is protect users by automatically taking the policy's action to quarantine messages with malware detected after delivery. So we'll leave this turned on and we'll Next it and then we can define some notifications here.

We can let the internal centers of the identified emails that there was a problem. We can notify external senders which typically is not a good idea. You don't usually want to give a heads up to the bad guys that you're on to them. So usually you wouldn't turn that on. And then you have administrator notifications where you can tell an administrator about undelivered messages from internal and external senders. I would typically turn this on and then what you can do here is provide an email address for the notification and then you can customize notifications. We're not gonna bother with customization here and we'll just Next it. 

And then of course we have to specify a condition. And what we'll do here is we'll apply this to the domain. So that means any mail bound for will have this policy applied to it. So we'll Done this and then we'll Next it. And then what we can do here is review our settings. And if we're good with this, we can go ahead and create the policy. And then if we select the Policy from the list, we can then Edit the policy or Delete the policy. So that is how you create an anti-malware policy using the security and compliance center.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.