title: Manage automation file uploads
description: Enable content analysis and configure the file extension and email attachment extensions that will be submitted for analysis
ms.service: defender-endpoint
ms.author: painbar
author: paulinbar
ms.localizationpriority: medium
manager: bagol
audience: ITPro
ms.collection:
  • m365-security
  • tier2
ms.topic: how-to
search.appverid: met150
ms.date: 06/25/2024
appliesto:
  • Microsoft Defender for Endpoint Plan 1
  • Microsoft Defender for Endpoint Plan 2

Manage automation file uploads

Enable the content analysis capability so that certain files and email attachments can automatically be uploaded to the cloud for additional inspection in Automated investigation.

Microsoft uses various file investigation mechanisms to inspect and analyze files.

Identify the files and email attachments by specifying the file extension names and email attachment extension names.

For example, if you add exe and bat as file or attachment extension names, then all files or attachments with those extensions will automatically be sent to the cloud for additional inspection during Automated investigation.

Note

Microsoft securely stores the files submitted for a six-month period. Files are promptly deleted after six months.

Add file extension names and attachment extension names

Important

Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

  1. Sign in to the Microsoft Defender portal using an account with the Security administrator or Global administrator role assigned.

  2. In the navigation pane, select Settings > Endpoints > Rules > Automation uploads.

  3. Toggle the content analysis setting between On and Off.

  4. Configure the following extension names and separate extension names with a comma:

    • File extension names - Suspicious files except email attachments will be submitted for additional inspection

Note

By default, several extension names are filled in automatically. One of them is double quotes ("), which includes files that don't have any file extension at all.
