Essential Security Rules For Microsoft Office 365
The standard email malware protection in Office 365 is quite basic, and if your account was not set up by a Microsoft Partner or Office 365 specialist, you may not have these three basic rules in place.
  • Malware Filter, turn on Common Attachment Types Filter
  • Block any attachment that has executable content
  • Any attachment's file extension matches js or lnk or mht or url or wsf
Add the first rule in your Office 365 portal by selecting Admin Centers - Exchange - protection - malware filter.

Set the Common Attachment Types Filter to On. Note that .docm may be in the list of blocked file types; you may want to remove it.

Add the remaining rules in your Office 365 portal by selecting Admin Centers - Exchange - mail flow - rules.

Any attachment's file extension matches js or lnk or mht or url or wsf
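
The same three settings can be applied and verified from Exchange Online PowerShell instead of the portal. This is an added example, not part of the original post; the policy identity `Default`, the two rule names, the reject text and the choice of "reject the message" as the blocking action are assumptions.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an Exchange admin role.
# Assumptions (not from the page): policy identity 'Default', the rule names,
# the reject text, and rejecting the message as the "block" action.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$PolicyName  = 'Default'
$RemoveDocm  = $false                          # $true applies the page's optional .docm removal
$BlockedExts = 'js','lnk','mht','url','wsf'    # extension list from the page
$RejectText  = 'Attachment type not permitted.'

# 1. Malware filter: record the current state, then turn on the
#    Common Attachment Types Filter.
$policy = Get-MalwareFilterPolicy -Identity $PolicyName
"Before: EnableFileFilter=$($policy.EnableFileFilter); FileTypes=$($policy.FileTypes -join ',')"
Set-MalwareFilterPolicy -Identity $PolicyName -EnableFileFilter $true

if ($RemoveDocm -and ($policy.FileTypes -contains 'docm')) {
    # Keep every blocked type except docm.
    $kept = @($policy.FileTypes | Where-Object { $_ -ne 'docm' })
    Set-MalwareFilterPolicy -Identity $PolicyName -FileTypes $kept
}

# 2 and 3. Mail flow rules: executable content, and the extension list.
$rules = @(
    @{ Name = 'Block executable attachments'
       AttachmentHasExecutableContent = $true },
    @{ Name = 'Block script and shortcut attachments'
       AttachmentExtensionMatchesWords = $BlockedExts }
)
$existing = @(Get-TransportRule | ForEach-Object { $_.Name })

foreach ($rule in $rules) {
    if ($existing -contains $rule.Name) {
        # Do not create a duplicate if the rule is already in place.
        Write-Warning "Rule '$($rule.Name)' already exists; skipping."
        continue
    }
    New-TransportRule @rule -RejectMessageReasonText $RejectText -Mode Enforce
}

# Verify the result.
$names = $rules | ForEach-Object { $_.Name }
Get-MalwareFilterPolicy -Identity $PolicyName | Format-List Name, EnableFileFilter, FileTypes
Get-TransportRule | Where-Object { $names -contains $_.Name } |
    Format-Table Name, State, Mode, Priority
```

Changing `-Mode Enforce` to `-Mode Audit` logs matches without rejecting mail, which lets you check what the rules would catch before enforcing them.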