In place of the default policy, you may use a custom policy to specify in much more detail which inbound messages and attachment types are processed by ATP.
Because the default policy for ATP always takes precedence over a custom policy, you must first ensure the default ATP policy is disabled.
Disable the default ATP policy
- Select Service Settings > ATP
- If enabled, de-select Enable Attachment Threat Protection Default Policy
Email Security will display a notification confirming the change.
Create a custom policy
A custom policy can filter messages by group, domain, or mailbox, and supports multiple levels of rule sets and actions.
- Navigate to Policies > Advanced Policies
- Select the For Inbound Mail tab
- Click Create Policy and give the policy a name
- For Applies to, select Incoming Messages
- For Enabled for, choose the domains, groups, or mailboxes this policy should act on
- Create your rules. You must create at least one rule for Attachment Count | is greater than | 0 | number
- Add your actions. Be sure that:
  - No actions stop the message before the final action
  - The final action is Send to sandbox. Any actions after Send to sandbox will be ignored
- Click Create Policy
Email Security will display a notification confirming the policy has been created. The new custom policy is automatically enabled.
If you disable your custom ATP policy, be sure to enable the default policy again, or ATP will not process any messages.
Carlos Rios