Anyone who works with Office 365 knows that there is no shortage of new features rolling out, the pace at which new functionality is made available definitely keeps you on your toes.
Part of what inspired me to develop www.roadmapwatch.com is that I wanted to know more about when features progressed through the various stages on the official Office 365 Roadmap. Even with that tight watch of the roadmap, there are 164 features currently in some sort of “in progress” state and it’s hard to track them all.
On top of the features documented on the roadmap, there are occasionally small items that either slip through the cracks or aren’t worthy of a roadmap mention. One of those features is the “Common Attachment Blocking” feature in EOP that was introduced some time in the last month or so.
Below is a summary of what “Common Attachment Blocking” is all about…
Chatter about “Common Attachment Blocking (CAB)” started on one of the EOP blogs back around August 2015. In January of this year, there was a mention on a different EOP blog and on the Office blog that the feature would be coming in “the next quarter”. And then… Well, that was it. I never saw another mention of the feature or it’s rollout status.
It turns out that the feature was released in the last couple months and you’ll likely find it available in your tenant right now.
A “New” Feature?
Unleash the Potential of Power Platform With a Center of Excellence
Business innovation often comes from within. Discover how to empower innovation from non-traditional developers with the Microsoft Power Platform.
There’s always been a way to block attachments by extension in EOP via a transport rule. However, using a transport rule gave you somewhat limited options when it came to the user experience. You could reject or delete a message with an attachment but there wasn’t a clean way to just strip the attachment and send the message along to the end user.
Using “Common Attachment Blocking”
You’ll find CAB buried in the Anti-Malware Filter Policy in EOP. From the Exchange Admin Center, if you navigate to “Protection” and then “Malware Filter”, you’ll see your default policy. On the “Settings” tab is the option to enable CAB; despite being “recommended”, it will be disabled by default in your policy.
Once enabled, there is a default list of 10 file extensions that Microsoft has selected and you can add more from a pre-defined list of 96 file extensions. All your favorites such as .exe, .com and .vbs are there.
TIP: While you cannot add custom extensions via the portal, it does appear that you can use the “-FileTypes” switch on the “Set-MalwareFilterPolicy” cmdlet to add extensions not in the list of 96.
Any attachment file extension that you’ve selected will trigger the “Malware Detection Response” in your policy. You have the option to delete the message in it’s entirety or you can replace the attachment with a text file containing a notification.
The default notification looks like this:
Otherwise you can provide custom text in the notification.
Testing It Out
You can easily test out the feature by creating a second anti-malware policy (you’ll find CAB enabled by default on it) and applying it to only a subset of users via the options on the “Applied To” tab of the policy.
Give it a try! Let me know what you think in the comments below.
Did you find this article helpful?
Leave a comment below or follow me on Twitter (@JoePalarchio) for additional posts and information on Office 365.
Looking to do some more reading on Office 365?
Catch up on my past articles here: Joe Palarchio.