Office 365 adds new security feature, but not everyone will get it yet

(Image credit: Paolo Bona /

Microsoft yesterday (June 22) announced that Safe Documents -- unveiled in February through a private preview -- is now available for some enterprise and educational users of Office 365.

The new feature alerts users to security threats within documents that the users have downloaded. The feature is set to “keeps enterprise users safe by verifying untrusted files on their behalf”.

The Safe Documents feature analyses files for security risks and won’t enable users to exit Protected View until the analysis has been completed.

Writing in a blog post,  Microsoft’s Kenny Shi said: “Although Protected View helps secure documents originating outside the organization, people too often exit the protection sandbox without considering if the document is safe -- leaving their organizations vulnerable.

“To improve this trust promotion experience for Microsoft 365 Apps, Safe Documents takes away the guesswork by automatically verifying the document against the latest known risks and threat profiles before allowing users to leave the Protected View container.”

Safe Documents is powered by Microsoft Defender Advanced Threat Protection, ensuring that files aren’t compromised and don’t pose a risk to users. 

“Safe Documents leverages the power of the Microsoft Intelligent Security Graph and brings it to the desktop,” Shi explained.

“When an admin enables Safe Documents for their tenant, untrusted files that open in Protected View go through an additional flow where the document is uploaded and scanned by Microsoft Defender ATP.”

Microsoft Defender ATP is the enterprise counterpart of the Windows Defender antivirus software available on consumer Windows systems. Safe Documents is not switched on by default, but must be enabled by an administrator.

Extra protection for Office users

Microsoft confirmed that when a scan takes place, users can view their documents but won’t be able to edit them until the scan is finished. 

If a malicious file is detected, Microsoft said users will be “blocked from leaving the Protected View container”.

The firm explained: “Admins can configure whether users can bypass and ‘Enable Editing’ for malicious scenarios in the Admin portal.”

Users will also be able to use the Advanced Hunting functionality from Microsoft Defender Advanced Threat Protection. 

Microsoft said people can use this to “get additional details in their tenants by using the DeviceEvents table and filtering for ActionType ‘SafeDocFileScan’.”

To set up the feature, security admins should head to the Security & Compliance center > Threat Management > Policy > ATP Safe Attachments. Here, you’ll see an option for “‘Turn on Safe Documents for Office clients."

This feature should significantly reduce the number of successful malware attacks upon Office 365 customers. Malware often sneaks into computers via Word or Excel attachments to email messages. 

Protected View has long aimed to counter that, but clearly too many people just find Protected View an annoyance and exit it without thinking of potential consequences. Microsoft is, in effect, giving you greater protection by removing some of your power to make mistakes.

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!