How to reduce malware threats through file attachment blocking in Exchange Online Protection

Applies to: Exchange OnlineExchange Online Protection

INTRODUCTION


Most malware that enters an environment through email does so through an executable payload that's attached to an email message.

To reduce your risk from malware that may not be detected by Exchange Online Protection, you should enable file type blocking and file name extension blocking. This article describes how to do this.

PROCEDURE


To create a rule to block attachments that contain executable content in Exchange Online Protection, follow these steps:
  1. Sign in to the Exchange admin center.
  2. Click mail flow, click rules, click New (), and then click Create a new rule.
  3. In the Name box, specify a name for the rule, and then click More options.
  4. Under Apply this rule if, point to Any attachment, and then select has executable content near the bottom of the page.
  5. Under Do the following, point to Block the message, and then select the action that you want.
  6. Click save.
The following is a screen shot of a sample rule.

Screen shot of the Exchange admin center, showing an example rule

MORE INFORMATION


Microsoft is continually updating its virus definition catalog based on submissions. However, to provide customers with the most immediate and effective defense, a file filter block policy is critical.

For more information about malware defense practices and strategies, see the following Microsoft TechNet resources:
Still need help? Go to Microsoft Community.