Essential Security Rules For Microsoft Office365
The standard email malware protection in Office365 is quite basic and if your account was not setup by a Microsoft Partner or Office365 specialist you may not have these two basic blocking rules in place.
  • Any attachment has executable content
  • Any attachment's file extension matches js or lnk or mht or url or wsf
Add these rules in your Office365 portal by selecting Admin Centers - Exchange - mail flow - rules