Challenge #6

Implement Malware Alerting System

Strengthen your internal security with a malware alerting system in Microsoft 365. Be instantly informed when internal users send malware-infected files.

Why?

Cybersecurity isn’t just about warding off external threats; it’s equally crucial to keep an eye on what happens inside your digital domain. Despite having a robust external defense with Exchange Online Protection (EOP), internal threats, often accidental, can pose a significant risk. Imagine a situation where an employee unknowingly sends a malware-infected file. Without immediate detection, this can escalate into a substantial security breach.

This is where an internal malware alerting system becomes invaluable. It acts like a vigilant sentinel, immediately informing your IT security team if such an incident occurs. This rapid response system isn’t just about reacting to threats; it’s a proactive tool for swift action and thorough investigation. It ensures that a minor incident doesn’t snowball into a major crisis. By implementing this, you involve everyone in your organization in the collective effort of maintaining cybersecurity, reinforcing the idea that security is a shared responsibility.

How?

Activating a malware alerting system in Microsoft 365 is a straightforward process. Here’s how you can set it up to keep your internal communications secure:

Step 1: Go to the Microsoft 365 Defender Portal

On your computer, launch a new browser window (Edge, Chrome), and type in https://security.microsoft.com/ and press enter.

Note: You will require Microsoft 365 administrative credentials – be sure to have the username and password ready.

Step 2: Adjust Email & Collaboration Policies

Within the Microsoft Defender Center:

Look for and select Email & Collaboration along the left-hand side menu
Under Email & Collaboration, look for and select Policies & rules
In the Policies & rules window, select Threat policies

Step 3: Edit Anti-malware Settings

Within the Threat policies window, under Policies, find and select Anti-malware
Within the Anti-malware window, select the Default (Default) policy

Step 4: Configure Notifications

Now with the Default policy open, scroll down and select Edit protection settings
Under Notifications and Admin notifications, check the box to Notify an admin about undelivered messages from internal senders
Now specific an admin email address to receive the notifications and alerts
If you’d like, you could also enable customized notification text but, for now, you’ll be fine with just the default notifications

Step 5: Save Your Settings

Once you are satisfied, click Save.

Previous Challenge

Next Challenge

While you’re here…

Ransomware Is Rising In Canada: 5 Assumptions That Quietly Increase Your Exposure

Feb 26, 2026

Why Canadian SMBs are overestimating their ransomware readiness in 2026 The Canadian Centre for Cyber Security reports that ransomware incidents known to the Cyber Centre have increased by an average of 26% per year since 2021.¹ That’s not just a statistic. It’s a...

The Hidden Risk Of Relying On A Single Internal “Hero”

Feb 25, 2026

Everything seemed fine - systems running, backups in place, no obvious red flags. Until the one moment no one was watching exposed what wasn’t actually covered. And in most businesses, that moment doesn’t start with a cyberattack. It starts with something much more...

Windows Server 2016 End of Life: Upgrade or Replace? How SMBs Should Decide

Feb 9, 2026

Windows Server 2016 is approaching end of support. When that happens, the risk and accountability around that server change. For many SMBs, the default reaction is understandable: “We need to upgrade.” “What’s the next version?” Reasonable. But this is where most IT...