Emails are one of the most targeted platforms when it comes to end users. End users accept mails as legitimate even after numerous training sessions. For the reason Administrators needs to protect them against as much as possible mails prior to actually coming through to their Mail box. In this tutorial we are gonna Block Email attachments with Specific file extension in the Microsoft Office 365 Exchange Admin Center.
Exchange Admin Center
Start off by login into your Microsoft 365 Admin Center and then going to the Exchange Admin Center. The following URL will take you directly through: https://outlook.office365.com/ecp
Once logged in on the Right go to Mail Flow and make sure you are on the Rules Section on the Right Side of the screen.
Click the Plus Sign (+) and choose the option “Create a New rule…“
Before starting to fill in anything choose “More Options” at the bottom of the Pop up Screen.
The name of the Rule is something descriptive like “Block Attachments on Mail“. Remember that other admins must be able to understand what you tried to achieve with the rule created to not potentially break the Flow.
When to apply
For the Condition choose “Any attachment’s File Extension Matches…“
You can then specify which attachment extensions must be blocked. Only type in the Extension, not the preceding dot (.)
What to do
For “*Do the following” you will have two options. The first will be “Delete the message without Notifying anyone“. The reason I choose this one is that the notification goes to the sender as well. If the sender is a Spammer or Domain Spoofer we do not want to notify them that the mail was deleted because we don’t want to give them a chance to try another way of getting through our security rules setup. They must think the mail was delivered successfully.
The Second Option we then choose is: “Notify the Recipient with a Message…” and this is to allow for the reporting of False Positive mails. Sometimes a Legitimate mail is expected and can be blocked. If something like this happens we can then setup Exceptions for Specific Users or domains depending on the need of the Business.
As per above Example the message simply reads: “A Message that contained Potential harmful attachment(s) has been deleted prior to Delivery“. The Message subject will still be present when the Recipient receives the mail and can report any anomalies to the IT Administrators.