Secure U of T advanced threat protections: Safe Attachments for email, OneDrive, SharePoint and Teams


Safe Attachments (Email)

What are Safe Attachments (Email)?

Secure U of T Safe Attachments uses Microsoft threat detection software to protect users from malicious attachments like Excel, Word or PDF files that contain malicious code or actions. 

How do Safe Attachments (Email) work? 

Safe Attachments works on email coming from both external and internal sources, meaning it can protect the University’s users from internal threats such as a compromised University of Toronto computer or email account. Safe Attachments works in the following way: 

  1. Attachments in an email are opened in a virtual ‘sandbox’ environment in Microsoft 365 – not on your computer.
  2. Your email attachments are automatically checked for malicious content or actions. Please note that encrypted mail or attachments and password-protected attachments cannot be scanned. Users should ensure they were expecting mail from the sender before opening encrypted or password-protected attachments.
  3. If an attachment is deemed safe, the email and attachment will be delivered to your inbox.
  4. If an attachment is deemed unsafe, the email message will be quarantined and you will not receive it. By default, only admins (not users) can review, release or delete the messages.

Note: Safe Attachments will only scan attachments that are common targets for malicious content, such as Office documents, PDFs, executable file types and Flash files. The scanning process is automated; the files are not seen by humans and are not retained.


Safe Attachments (OneDrive, SharePoint and Teams)

What are Safe Attachments (OneDrive, SharePoint and Teams)?

Safe Attachments for SharePoint, OneDrive and Microsoft Teams help detect and block existing files that are identified as malicious in team sites and document libraries. 

How do Safe Attachments (OneDrive, SharePoint and Teams) work?

When Safe Attachments for SharePoint, OneDrive, and Teams are enabled and identify a file as malicious, the file is locked. The following images show examples of malicious files detected in a library.

On a computer:

Files in OneDrive for Business with one detected as malicious.

On a mobile device:

Deleting a blocked file from OneDrive for Business from the OneDrive mobile app.

Although the blocked file is still listed in the document library and in web, mobile, or desktop applications, you won't be able to open, copy, move or share the file. You can delete the blocked file.

Learn more

For information about other Secure U of T features and frequently asked questions, please see the Secure U of T overview article.