Microsoft Office 365 Block Email Attachments

Emails are one of the most targeted platforms when it comes to end users. End users accept mails as legitimate even after numerous training sessions. For the reason Administrators needs to protect them against as much as possible mails prior to actually coming through to their Mail box. In this tutorial we are gonna Block Email attachments with Specific file extension in the Microsoft Office 365 Exchange Admin Center.

Exchange Admin Center

Start off by login into your Microsoft 365 Admin Center and then going to the Exchange Admin Center. The following URL will take you directly through:

Once logged in on the Right go to Mail Flow and make sure you are on the Rules Section on the Right Side of the screen.

Exchange Admin Center New Rule
Block Mail Attachments on Mails

Click the Plus Sign (+) and choose the option “Create a New rule…

Exchange Admin Center New Rule
Block Mail Attachments on Mails

Before starting to fill in anything choose “More Options” at the bottom of the Pop up Screen.

Exchange Admin Center New Rule
Block Mail Attachments on Mails

The name of the Rule is something descriptive like “Block Attachments on Mail“. Remember that other admins must be able to understand what you tried to achieve with the rule created to not potentially break the Flow.

When to apply

For the Condition choose “Any attachment’s File Extension Matches…
You can then specify which attachment extensions must be blocked. Only type in the Extension, not the preceding dot (.)

Exchange Admin Center New Rule
Block Mail Attachments on Mails

What to do

For “*Do the following” you will have two options. The first will be “Delete the message without Notifying anyone“. The reason I choose this one is that the notification goes to the sender as well. If the sender is a Spammer or Domain Spoofer we do not want to notify them that the mail was deleted because we don’t want to give them a chance to try another way of getting through our security rules setup. They must think the mail was delivered successfully.

The Second Option we then choose is: “Notify the Recipient with a Message…” and this is to allow for the reporting of False Positive mails. Sometimes a Legitimate mail is expected and can be blocked. If something like this happens we can then setup Exceptions for Specific Users or domains depending on the need of the Business.

As per above Example the message simply reads: “A Message that contained Potential harmful attachment(s) has been deleted prior to Delivery“. The Message subject will still be present when the Recipient receives the mail and can report any anomalies to the IT Administrators.

See YouTube Video


If you liked what you read Please Share.
I’d love it if you followed me on YouTube and Facebook.

Also, feel free to subscribe to my posts by email.
Donations for the site can be made here.
Thanks for reading.

Spread the love

1 thought on “Microsoft Office 365 Block Email Attachments”

Leave a Reply

Your email address will not be published. Required fields are marked *