Malware attachment in mail

Hi @Anil Diwan, 

Thank you for reaching out to the Microsoft Q&A forum. 

Based on your description, you receive several emails daily containing malware attachments and want these messages to be rejected entirely instead of being delivered or quarantined. We truly appreciate the details you provided and your ongoing efforts to maintain a secure environment for your users. 

This situation occurs because Microsoft Defender for Office 365 (MDO) processes messages that include malware by quarantining them according to your organization’s security and compliance policies. The system’s default behavior is designed to protect end users while allowing administrators to review quarantined messages before final disposition. To make the service reject malware messages completely, a configuration change must be applied in your anti-malware policy. 

Please follow the steps below to enforce message rejection for malware: 

1/ Start by enforcing the anti‑malware policy to block and remove detected threats (Admin Only)

• Go to the Microsoft Defender portal → Email & collaboration → Policies & rules → Threat policies → Anti‑malware. Edit the applicable policy. 
• Under Malware detection response, set Action = Block (Delete the message). This ensures malware messages are dropped and never delivered or quarantined.  

For your reference: Configure anti-malware policies for email - Microsoft Defender for Office 365 | Microsoft Learn 

2/ Proceed by enforcing Safe Attachments policies to block threats throughout the organization (Admin only).

• In the Defender portal → Email & collaboration → Policies & rules → Threat policies → Safe Attachments. Create or edit your policy. 
• Set Action = Block so messages with detonated malware are removed before delivery. Apply to all intended recipients (you can use preset protection or a custom policy targeting users/groups). 

For your reference: Safe Attachments - Microsoft Defender for Office 365 | Microsoft Learn 

3/ As your account is managed by your organization, please contact your IT administrator to check your permission and policies. For a more efficient resolution, we recommend using your administrator account or contacting your IT administrator to submit a support request directly to Microsoft Support team.    

They can raise a support ticket by visiting: Get support - Microsoft 365 admin | Microsoft Learn 

With Microsoft 365 E5 (which includes Defender for Office 365 Plan 2), these steps can be implemented directly. Users with MDO Plan 1 will need an admin-defined anti-malware policy since threat investigation automation differs between plans. 

For your information that you can concern: Anti-malware protection for email In Microsoft 365 - Microsoft Defender for Office 365 | Microsoft … 

As community moderators, we appreciate your understanding that our access to internal development details is limited. Our primary role is to guide users toward the appropriate resources and support channels. While we may not have visibility into deeper backend analysis, we’ll continue doing our best to support you within the scope of our responsibilities.  

I hope this information is helpful. Please follow these steps and let me know if it works for you. If you have any updates regarding the issue, please feel free to share them with me.   

Thank you for your patience and your understanding. If you have any questions or need further assistance, please feel free to share them in the comments on this post so I can continue to support you.   

I look forward to continuing the conversation. 

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".    

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.