Office 365 Can Now Open Attachments in a Sandbox | Digital Guardian



by Chris Brook on Wednesday August 26, 2020


Microsoft has released a new feature update, Application Guard, that opens suspicious-looking attachments in a sandbox to prevent malicious activity.

Malware-laden attachments in emails have long been a favored attack vector for hackers.

Over the years, hackers have used attachments in spam emails to hide malware, mostly in rigged ZIP files, PDFs, and, perhaps most common of all, Microsoft Office documents. They can also use ISO or IMG files, which, when clicked, download and execute payloads.

While most email platforms have mechanisms in place to block nefarious activity, every so often suspicious emails with questionable attachments make their way to users' inboxes.

Going forward, when users of Office 365 open potentially unsafe attachments, they'll be opened in a sandbox, an action which should deter malicious attachments from executing and exploiting vulnerabilities. Microsoft formally rolled out the feature, Application Guard for Office, in public preview earlier this week.

Eric Wayne, a senior Microsoft 365 Apps Architect, shared the news on Monday, describing it as "a secure container that is isolated from the device through hardware-based virtualization."

When Office opens files in Application Guard, users can securely read, edit, print, and save files without having to reopen them outside the container, Wayne added.

It sounds like, when enabled, Application Guard will cautiously open Word documents that appear compromised, such as files with macros (which can be used to download malware or run PowerShell code), in a container that's separate from the rest of Windows.

While macro malware sometimes feels as old as the internet itself, it continues to be a thorn in the side of IT admins.

While Application Guard was launched in limited preview for Office 365 last fall and a private preview this February, it wasn't ready for primetime until this week. Earlier this year, Microsoft also released a public preview of another feature, Safe Documents, which scans documents and files users open in Protected View in 365 E5 or Microsoft 365 E5 Security.

While the feature will be off by default, it can be turned on by admins who oversee environments with Word, Excel, and PowerPoint for Microsoft 365 and Windows 10 Enterprise, Microsoft claims.

The company has published instructions on installing the feature, alongside guidance on its limitations and performance optimizations on its Microsoft 365 help center page.

Tags: Email Security


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.