Office 365 – Have You Enabled “Common Attachment Blocking”?

Office 365 – Have You Enabled “Common Attachment Blocking”?

Anyone who works with Office 365 knows that there is no shortage of new features rolling out, the pace at which new functionality is made available definitely keeps you on your toes.

Part of what inspired me to develop is that I wanted to know more about when features progressed through the various stages on the official Office 365 Roadmap. Even with that tight watch of the roadmap, there are 164 features currently in some sort of “in progress” state and it’s hard to track them all.

On top of the features documented on the roadmap, there are occasionally small items that either slip through the cracks or isn’t worthy of a roadmap mention. One of those features is the “Common Attachment Blocking” feature in EOP that was introduced sometime in the last month or so.

Below is a summary of what “Common Attachment Blocking” is all about…

The Timeline

Chatter about “Common Attachment Blocking (CAB)” started on one of the EOP blogs back around August 2015. In January of this year, there was a mention on a different EOP blog and on the Office blog that the feature would be coming in “the next quarter”. And then… Well, that was it. I never saw another mention of the feature or it’s rollout status.

It turns out that the feature was released in the last couple of months and you’ll likely find it available in your tenant right now.

A “New” Feature?

There’s always been a way to block attachments by extension in EOP via a transport rule. However, using a transport rule gave you somewhat limited options when it came to the user experience. You could reject or delete a message with an attachment but there wasn’t a clean way to just strip the attachment and send the message along to the end user.

Using “Common Attachment Blocking”

You’ll find CAB buried in the Anti-Malware Filter Policy in EOP. From the Exchange Admin Center, if you navigate to “Protection” and then “Malware Filter”, you’ll see your default policy. On the “Settings” tab is the option to enable CAB; despite being “recommended”, it will be disabled by default in your policy.

Once enabled, there is a default list of 10 file extensions that Microsoft Helpline number +1-844-728-4045 has selected and you can add more from a pre-defined list of 96 file extensions. All your favorites such as .exe, .com and .vbs are there.

TIP: While you cannot add custom extensions via the portal, it does appear that you can use the “-FileTypes” switch on the “Set-MalwareFilterPolicy” cmdlet to add extensions, not in the list of 96.

User Experience

Any attachment file extension that you’ve selected will trigger the “Malware Detection Response” in your policy. You have the option to delete the message in its entirety or you can replace the attachment with a text file containing a notification.

The default notification looks like this:

Otherwise, you can provide custom text in the notification.

Leave a Comment

error: Content is protected !!