Reducing malware threats through file attachment blocking in Exchange Online Protection

Most malware that enters an environment through email does so using an executable payload attached to an email message. To reduce your risk from malware that may not be detected by Exchange Online Protection, you should enable file attachment blocking.

File attachment blocking covers file types and file name extensions, and is useful to broadly block any email with attachments. For example, following a malware outbreak, a company could apply this rule with a time limit included so that everyone affected can get back to sending attachments after a specified length of time. The following procedure explains how to reduce malware threats through file attachment blocking.

Reducing malware threats through file attachment blocking

To create a rule to block attachments that contain executable content in Exchange Online Protection, follow these steps:

  1. Sign in to the Exchange Admin Center.

  2. Click Mail flow. Click Rules. Click New (+), and then click Create a new rule.

  3. In the Name box, specify a name for the rule, and then click More options.

  4. Under Apply this rule if, point to Any attachment, and then select has executable content near the bottom of the page.

  5. Under Do the following, point to Block the message, and then select the action that you want.

  6. Click Save. Your attachment blocking rule is now in force.

For more information

For more information, see Using transport rules to inspect message attachments.