Essential Security Rules For Microsoft Office 365

The standard email malware protection in Office 365 is quite basic, and if your account was not set up by a Microsoft Partner or Office 365 specialist, you may not have these three basic rules in place.

  • Malware filter: turn on the Common Attachments Filter
  • Block any attachment that has executable content
  • Any attachment's file extension matches the following list of 95 entries:
    ace, ade, adp, ani, app, asp, bas, bat, cer, chm, cmd, com, cpl, crt, csh, der, dll, docm, dos, exe, fxp, gadget, hlp, hta, inf, ins, isp, its, jar, js, jse, ksh, lnk, mad, maf, mag, mam, maq, mar, mas, mau, mav, maw, mda, mdb, mde, mdt, mdw, mdz, msc, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msi, msp, mst, obj, ops, os2, pcd, pif, plg, prf, prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, rar, reg, scf, scr, sct, shb, shs, tmp, url, vb, vbe, vbs, vsmacros, vsw, vxd, w16, ws, wsc, wsf, wsh, xnk

Add these rules in your Office 365 portal by going to https://protection.office.com/, selecting Office 365 Security & Compliance - Threat management - Policy - Anti-malware, and then selecting the Default policy.

Select Edit protection settings and tick Enable the common attachments filter.

Next select Customize file types and click Select all followed by Add, which will add the 95 file extensions listed above.

Lastly click Save followed by Close.

To add the remaining rule in your Office 365 portal, go to https://admin.microsoft.com/ and select Show all from the left-hand main menu to display the Admin Centers. Select Exchange - Mail flow - Rules - Create a new rule...

Enter Block messages with executable attachments as the name, and make sure you click ‘More options…’, otherwise you cannot see the option for Any attachment… has executable content.

Next, in Apply this rule if, select Any attachment... > has executable content.

In Do the following: select Block the message and then choose the action you want.

For most circumstances you can select delete the message without notifying anyone. Then click Save.
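
The same two changes can be scripted and then checked from Exchange Online PowerShell, which leaves a repeatable record of what was set. This is an added example, not part of the original article: it assumes the ExchangeOnlineManagement module is installed and uses a placeholder admin account (admin@example.com).

```powershell
# Added example. Assumptions: ExchangeOnlineManagement module is installed;
# admin@example.com is a placeholder account, not a value from the article.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@example.com

# The 95 extensions listed in the article, split into an array.
$fileTypes = @'
ace ade adp ani app asp bas bat cer chm cmd com cpl crt csh der dll docm dos exe
fxp gadget hlp hta inf ins isp its jar js jse ksh lnk mad maf mag mam maq mar mas
mau mav maw mda mdb mde mdt mdw mdz msc msh msh1 msh1xml msh2 msh2xml mshxml msi
msp mst obj ops os2 pcd pif plg prf prg ps1 ps1xml ps2 ps2xml psc1 psc2 pst rar
reg scf scr sct shb shs tmp url vb vbe vbs vsmacros vsw vxd w16 ws wsc wsf wsh xnk
'@ -split '\s+' | Where-Object { $_ }

# Guard against a copy/paste error before changing the policy.
if ($fileTypes.Count -ne 95) {
    throw "Expected 95 extensions, found $($fileTypes.Count)"
}

# Step 1: enable the common attachments filter on the Default anti-malware
# policy and set its blocked file types.
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -FileTypes $fileTypes

# Step 2: create the mail flow rule only if it does not already exist.
# -DeleteMessage corresponds to "delete the message without notifying anyone".
$ruleName = 'Block messages with executable attachments'
if (-not (Get-TransportRule | Where-Object Name -eq $ruleName)) {
    New-TransportRule -Name $ruleName `
        -AttachmentHasExecutableContent $true `
        -DeleteMessage $true
}

# Verification: confirm the filter is on and no listed extension is missing.
$policy  = Get-MalwareFilterPolicy -Identity Default
$missing = $fileTypes | Where-Object { $policy.FileTypes -notcontains $_ }
if (-not $policy.EnableFileFilter -or $missing) {
    Write-Warning "Filter enabled: $($policy.EnableFileFilter); missing: $($missing -join ', ')"
} else {
    Write-Output "Common attachments filter is on with all $($fileTypes.Count) extensions."
}

# Show the rule so its state and action can be reviewed.
Get-TransportRule | Where-Object Name -eq $ruleName |
    Format-List Name, State, AttachmentHasExecutableContent, DeleteMessage
```

Re-running the verification part after later policy changes shows whether the filter or the rule has drifted from these settings.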