Microsoft has announced that a new Office 365 ProPlus security feature called Safe Documents is now in public preview for both Microsoft 365 E5 and E5 Security customers.
Safe Documents automatically protects users from documents hiding exploits or malicious links by bringing the power of the company’s Intelligent Security Graph down to the desktop to verify that documents are safe at the endpoint itself.
While Protected View already helps secure documents that originate outside of an organization, users often exit the sandbox to do things such as print physical documents, which leaves their networks vulnerable.
Safe Documents automatically checks each document against known risks and threat profiles before allowing them to be opened. Users no longer need to decide on their own whether or not a document can be trusted and this allows them to instead focus on their work.
Application Guard integration
While first introduced in Edge to bring hardware-level containerization to the browser, Microsoft’s Application Guard is now integrated with Office 365 ProPlus. Application Guard provides an upgrade to Protected View which helps desktop users stay safer and more productive with container-based isolation for Office applications.
By using a new instance of Windows 10 as well as a separate copy of the kernel, Application Guard’s enforcement completely blocks access to memory, local storage, installed applications, corporate network endpoints and other resources that attackers may target.
The security tool allows Office users to open untrusted Word, Excel or PowerPoint files in a virtualized container where they can make edits, print and save changes all while protected with hardware-level security. If an untrusted file is malicious, the attack remains contained while user data and identity both remain untouched.
If a user then decides to trust a document to save on the network or start collaborating with others, Safe Documents will then to check to ensure that it is safe before allowing them to do so.
Safe Documents and Application Guard both connect to the Microsoft Security Center and this provides admins with advanced visibility as well as response capabilities including alerts, logs, confirmation the attack was contained and the ability to see and act on similar threats across their organization.