Create email rules to prevent ransomware
From the admin center at https://admin.microsoft.com, choose Exchange under Admin centers.
From the menu on the left, choose mail flow.
On the rules tab, choose the arrow next to the plus (+) symbol, and then choose Create a new rule.
On the new rule page, enter a name for your rule, scroll to the bottom, and then choose More options.
Under Apply this rule if, select Any attachment, and then select file extension includes these words.
In the box under specify words or phrases, enter the file extensions that you want the rule to be applied to, such as file extensions that can contain macros. Use the plus (+) symbol to add them one at a time.
Learn more about file types by reading Protect against ransomware.
Scroll down to review your list, and then choose OK.
On the new rule page, choose add condition, and then choose a condition under Do the following.
You have many rule options to choose from, but in this example we'll choose to Notify the recipient with a message.
Enter message text for your notification, and then chose OK.
Optional: On the new rule page, choose add exception, and enter any details for exceptions to your rule, such as messages from trusted senders.
On the new rule page, choose Save, and review the rule summary information provided.