Pages

14 September 2021

Block attachments with macro's - Exchange Online transport rule

Macro's have become a serious threat with new malicious attachments entering your users mailboxes on a daily basis.

To stop the most obvious possible malicious attachments from entering your organization you can create this rule.
This is not the only thing that has to be done of course, but it's a start.

Sign into Microsoft 365 Portal and go to Exchange Admin Center.

Click Mail Flow on the left-side pane, and click the little + icon to add a new rule.

Then give it a name
Apply this rule if the recipient is located outside the organization
and
Any attachment's file extension matches
sldm
ppsm
ppam
potm
xlam
xltm
xlsm
dotm
docm
Do the following
Delete the message without notifying anyone (you could tweak this to your liking)
It will look like this:
And then test test test.




 

No comments:

Post a Comment