Blocking File Extensions in Exchange Online (365)

A detailed guide on how to set up the file extension blocking rules on 365.

INFORMATION

Microsoft Office 365 and Microsoft Exchange Online (the email platform within 365) let you define rules within the mail delivery platform that block potential risks from being delivered to the end user.

Configuring the rules detailed below is not a requirement of the Cyber Essentials Standard; however, they help towards the delivery of the standard and, we believe, offer a great level of protection to end users by preventing the delivery, by email, of files which in reality should never be sent via email.

We do not believe that users, or indeed anyone within any organisation, should be receiving certain file types via email, and allowing those file types to make it through to the end user is a significant security risk.

Given how easy it is to give an executable file a PDF icon, so that it looks like a normal file to a user but when opened is actually an executable which can carry out system changes, we recommend blocking all “risky” content types in your email system.

This document is by no means the entire solution for file blocking via transport rules in Microsoft Exchange Online; however, we hope it will help you understand the options available and, if you wish to add some blocks, walk you through the process.


EXCHANGE ONLINE ADMINISTRATION

  • Sign in at https://login.microsoftonline.com/
  • Open the ADMIN app
  • Select … Show all from the bottom of the left hand navigation section
  • Run / Open the Exchange Admin Centre
  • You can then access the Transport Rules using one of the following two options depending on the interface that is displayed (Classic or Modern)

EXCHANGE ADMIN CENTRE (NEW VERSION)


EXCHANGE ADMIN CENTRE (CLASSIC VERSION)

  • Select mail flow from the left hand navigation section

RULE MANAGEMENT

Once the Transport Rules section opens, you will see any current/existing rules and you can add further rules.

EXCHANGE ONLINE TRANSPORT RULES

ADDING RULES – GENERAL INFORMATION

  • From the menu bar click on the + drop down and select Create a new rule
  • Give the rule a name that is descriptive enough that you will know what it is in years to come
  • From the Apply this rule if… menu, select The sender is located and select Outside the organisation
  • Click More options… near the bottom of the page to expand the option sets
  • Click add condition, which has now appeared under the sender location you set above
  • Select whatever other rule is now required to apply to any inbound email from outside of your organisation
    (see other rule options detailed later in this document)
  • Now select the action to take when the rule is matched

    We generally suggest blocking or rejecting the message and including an explanation, so that the sender is told that the message they sent you has been rejected. The message (if you keep it unique to each rule) will also let you track down the rule if you later have any sender alerts or requests to relax the rule, or have any issues.


    For example:
    • Blocked Executable Content
    • Blocked File Type: Executable
    • Blocked File Type: Scripts

  • You can add exceptions if you need to; however, we generally suggest that all rules should be specific enough not to require exceptions, and if you are setting a rule, it should be for safety and thus should be company-wide.

  • Check that Stop processing more rules is not ticked and click Save

If you want to change the priority of the rule (the rule order) once you have saved it, the easiest way is to open the rule, look for the Priority: box and change the number to the number you wish.

BLOCK BAD FILE TYPE RULES

EXECUTABLE CONTENT BLOCK

This is the most straightforward rule to create and we recommend that it is created for all Microsoft Office 365 Exchange Online tenants.

  • Select Any attachment… has executable content
  • As per ADDING RULES – GENERAL INFORMATION above, you can now select Block the message… with the reject the message and include an explanation option, and set the priority etc.

    Please note: If using rules to block particular email addresses or other content, it may be advisable to reject the message without notifying anyone as you do not want to highlight that your email address is actually live and working if you are blocking specific marketing spammers.

SPECIFIC ATTACHMENT FILE EXTENSIONS BLOCK

We strongly believe that, in terms of emails, certain file types should never be received from anyone for any reason, and these specifically include files such as scripts and other executable content. If you need to obtain these types of files, it's generally accepted that you would go to a website (a secure and known website) to download them and would not expect to receive them by email.

As the majority of these file types are dangerous, we recommend blocking all of them with a transport rule so they never arrive in your mailbox.

  • Create the rule in the normal way
  • Select Any attachment… file extension includes these words
  • Add the file extensions for the specific blocks related to the Rule Name you created for this rule

As per ADDING RULES – GENERAL INFORMATION above, you can now select Block the message… with the reject the message and include an explanation option, and set the priority etc.

Please note: If using rules to block particular email addresses or other content, it may be advisable to reject the message without notifying anyone as you do not want to highlight that your email address is actually live and working if you are blocking specific marketing spammers.
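
The two rules described above (EXECUTABLE CONTENT BLOCK and SPECIFIC ATTACHMENT FILE EXTENSIONS BLOCK) can also be created from Exchange Online PowerShell. The following is an added example, not part of the original guide; the admin account, the rule names and the extension list are assumptions to replace with your own.

```powershell
# Added example. Requires the ExchangeOnlineManagement module.
# admin@example.com and the rule names are placeholders.
Connect-ExchangeOnline -UserPrincipalName admin@example.com

# Illustrative script-type extensions only; substitute your organisation's list.
$scriptExtensions = 'js', 'jse', 'vbs', 'vbe', 'wsf', 'wsh', 'hta', 'ps1', 'bat', 'cmd'

$rules = @(
    @{
        # "Any attachment... has executable content"
        Name                            = 'Inbound - Block Executable Content'
        AttachmentHasExecutableContent  = $true
        RejectMessageReasonText         = 'Blocked Executable Content'
    },
    @{
        # "Any attachment... file extension includes these words"
        Name                            = 'Inbound - Block Script Attachments'
        AttachmentExtensionMatchesWords = $scriptExtensions
        RejectMessageReasonText         = 'Blocked File Type: Scripts'
    }
)

foreach ($rule in $rules) {
    # Settings shared by every rule in this guide: senders outside the
    # organisation only, and "Stop processing more rules" left unticked.
    $rule.FromScope          = 'NotInOrganization'
    $rule.StopRuleProcessing = $false

    if (Get-TransportRule -Identity $rule.Name -ErrorAction SilentlyContinue) {
        # Rule already exists: bring it in line with the definition above.
        $name = $rule.Name
        $rule.Remove('Name')
        Set-TransportRule -Identity $name @rule
    }
    else {
        New-TransportRule @rule
    }
}

# Review the result: rule order, state and the unique text each rule returns.
Get-TransportRule |
    Sort-Object Priority |
    Format-Table Priority, Name, State, StopRuleProcessing, RejectMessageReasonText -AutoSize
```

Keeping a distinct RejectMessageReasonText per rule is what lets you trace a sender's bounce message back to the rule that produced it.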