• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Changes to File Types Blocked in Outlook on the web


Brink

Administrator
Administrator
mvp
Posts
23,842
#1
We will soon be adding several additional file extensions to the BlockedFileTypes property of existing OwaMailboxPolicy objects. This change will prevent Outlook on the web users from downloading attachments that have those file extensions.

Why are we making this change?

We’re always evaluating ways to improve security for our customers, and so we took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today.

How does this affect me?

The newly blocked file types are rarely used, so most organizations will not be affected by the change. However, if your users are sending and receiving affected attachments, they will report that they are no longer able to download them.

How can I prepare for this change?

If your organization requires that users be able to download attachment of these types from OWA, you should first ensure that our organization's operating systems and application software are up-to-date (in the case files that are opened by application software) or ensure that your users are familiar with the risks associated with the file types (in the case of files that are interpreted by scripting software).

If you want to allow a particular file type to be allowed, you can add that file type to the AllowedFileTypes property of your users' OwaMailboxPolicy objects.

Note: In order to minimize disruption from this change, we will not add a file extension to a policy's BlockedFileTypes list if that extension is already present in the AllowedFileTypes list.

To add a file extension to the AllowedFileTypes list:

Code:
$policy = Get-OwaMailboxPolicy [policy name]
$allowedFileTypes = $policy.AllowedFileTypes
$allowedFileTypes.Add(".foo")
Set-OwaMailboxPolicy $policy -AllowedFileTypes $allowedFileTypes
Or if you want (brought to you as part of the service that tries to teach you clever shortcuts) you can use:

Code:
Set-OwaMailboxPolicy -Identity "<Policy Name>" -BlockedFileTypes @{Remove=".foo"}
If you wish to remove any extension from BlockedFileTypes list in the future:

Code:
$policy = Get-OwaMailboxPolicy [policy name]
$blockedFileTypes = $policy.BlockedFileTypes
$blockedFileTypes.Remove(".foo")
Set-OwaMailboxPolicy $policy -BlockedFileTypes $blockedFileTypes
Again, or:

Code:
Set-OwaMailboxPolicy -Identity "<Policy Name>" -BlockedFileTypes @{Remove=".foo"}
In order to determine which OwaMailboxPolicy object governs a particular user's Outlook on the Web experience, run the following commands:

Code:
$casMailbox = Get-CasMailbox [email address]
$casMailbox.OwaMailboxPolicy
What file extensions will be added to the BlockedFileTypes list with this change?

The following extensions are used by the Python scripting language:

".py", ".pyc", ".pyo", ".pyw", ".pyz", ".pyzw"

The following extensions are used by the PowerShell scripting language:

".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2", ".psd1", ".psdm1", ".psd1", ".psdm1"

The following extensions are used for digital certificates:

".cer", ".crt", ".der"

The following extensions are used by the Java programming language:

".jar", ".jnlp"

The following extensions are used by various applications. While the associated vulnerabilities have been patched (for years, in most cases), they are being blocked for the benefit of organizations that might still have older versions of the application software in use:

".appcontent-ms", ".settingcontent-ms", ".cnt", ".hpj", ".website", ".webpnp", ".mcf", ".printerexport", ".pl", ".theme", ".vbp", ".xbap", ".xll", ".xnk", ".msu", ".diagcab", ".grp"

Security of our customer’s data is our utmost priority, and we hope our customers will understand and appreciate this change. Change can be disruptive, so we hope the information here explains what we’re doing and why.

Source: Changes to File Types Blocked in Outlook on the web - Microsoft Tech Community - 874451
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

Users Who Are Viewing This Thread (Users: 0, Guests: 1)