Protected View works by opening suspicious files in a "read-only" mode where all user editing features and dynamic content execution are blocked by default.
Protected View activates for all files that have originated from outside an organization, such as files opened from an Internet location, files received as an email attachment (from domains that a sysadmin has not marked as safe), or files opened from an unsafe storage location (such as the Temp folder).
However, sometimes, users have to edit these files in order to get their job done, and they have to exit the Protected View sandbox to do so.
Here is where Safe Documents comes into play.
Microsoft says that when users choose to leave the Protected View mode -- if Safe Documents is activated -- it will send the file to Microsoft Defender Advanced Threat Protection (ATP) (the commercial version of Microsoft Defender) and have it scanned before allowing the user to exit Protected View and edit the file.
As the file is scanned, Protected View remains active, but if the file is deemed safe, the classic "Enable Editing" button appears, allowing users to fully exit Protected View and enter Office's normal editing mode.
If the file is found to be malicious, or contain malicious or suspicious functions, the file is blocked from leaving Protected View, and an alert is sent back to the company's Office 365 dashboard.
Microsoft says that starting this week, Safe Documents is now available for Office 365 customers with an E5 license -- the company's highest and most expensive Office 365 tier.
Safe Documents is disabled by default, so administrators will have to manually enable it from their Office 365 dashboards.
Once enabled, the feature becomes active for all an organization's users. Support for enabling the feature for Office 365 user groups will be added in a future update, Microsoft said on Twitter, on Tuesday.