Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the google-analytics-dashboard-for-wp domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in C:\inetpub\vhosts\gck.org.uk\httpdocs\c7solutions\wp-includes\functions.php on line 6114
Exchange Edge Server and Common Attachment Blocking In Exchange Online Protection – Brian Reid – Microsoft 365 Subject Matter Expert

Exchange Edge Server and Common Attachment Blocking In Exchange Online Protection


Both Exchange Server Edge role and Exchange Online Protection have an attachment filtering policy. The default in Edge Server is quite long, and the default in EOP is quite short. There is also a few values that are common to both.

So, how do you merge the lists so that your Edge Server attachment filtering policy is copied to Exchange Online in advance of changing your MX record to EOP?

You run:

Set-MalwareFilterPolicy Default -FileTypes ade,adp,cpl,app,bas,asx,bat,chm,cmd,com,crt,csh,exe,fxp,hlp,hta,inf,ins,isp,js,jse,ksh,lnk,mda,mdb,mde,mdt,mdw,mdz,msc,msi,msp,mst,ops,pcd,pif,prf,prg,ps1,ps11,ps11xml,ps1xml,ps2,ps2xml,psc1,psc2,reg,scf,scr,sct,shb,shs,url,vb,vbe,vbs,wsc,wsf,wsh,xnk,ace,ani,docm,jar -EnableFileFilter $true

This takes both the Edge Server default list and the EOP default list, minus the duplicate values and adds them to EOP. If you have a different custom list then use the following PowerShell to get your two lists and then use the above (with “Default” being the name of the policy) PowerShell to update the list in the cloud

Edge Server:

Get-AttachmentFilterEntry

EOP:

$malwarepolicy = Get-MalwareFilterPolicy Default
$malwarepolicy.FileTypes

There are many suggested file extensions to block in the M365 Security Center, and you can add your own extensions – for example additions in 2022 include .msixbundle and more for new executable extension types.

Recommend you review your attachment blocks and update the list to suit.


Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.