Microsoft Exchange Security #1 Level 1
Your organization/company might require that specific types of messages be blocked or denied in order to meet compliance/ legal requirements, or to implement special business needs. This article discusses examples of common scenarios for blocking all attachments which you can set up using mail flow rules (also known mail flow rules) in Exchange Online.
For additional examples showing how to block specific attachments, see:
Using mail flow rules to inspect message attachments (Exchange Server)
Use mail flow rules to inspect message attachments in Office 365 (Exchange Online, Exchange Online Protection)
The malware filter includes a Common Attachment Types Filter. In the Exchange admin center (EAC), go to Protection, then click New( ) to add filters. In the Exchange Online portal, browse to >Protection and then select Malware Filter.
To get started implementing any of these scenarios to block certain message types:
Open the Exchange admin center (EAC). For more information, see Exchange admin center in Exchange Online.
Go to Mail flow > Rules.
Click New ( ) and then select Create a new rule.
In the Name box, specify a name for the rule, and then click More options.
Select the conditions and actions you want.
Note: In the EAC, the smallest attachment size that you can enter is 1 kilobyte, which should detect most attachments. However, if you want to detect every possible attachment of any size, you need to use PowerShell to adjust the attachment size to 1 byte after you create the rule in the EAC. To learn how to connect to Exchange Online PowerShell, see Connect to Exchange Online PowerShell. To learn how to connect to Exchange Online Protection PowerShell, see Connect to Exchange Online Protection PowerShell.
Replace <Rule Name> with the name of the existing rule, and run the following command to set the attachment size to 1 byte:
You could face this issue sometimes:
If you have one or a group of users and you wanna prevent those users from sending any email attachments, here is the way how to accomplish this goal:
First of all, log into your Office 365 tenancy with administrative access > Admin > Admin Centers > Exchange Admin > Mail Flow > Rules > Add > Filter Message By Size.
Name: Give it a sensible name.
Apply This Rule If: The message size is greater than or equal to = 1.00 KB (we will change this in a minute!)
The Sender Is: Add the user or users in question.
Do The Following: Reject the message with the explanation = “Enter some sensible text”.
Scroll down. And set the checkbox for "Stop processing more rules".
Save it.
Now this blocks all attachments over 1KB (1024 bytes), but this still lets a user send a smaller attachment!
The ONLY way till today to fix that, is to drop the limit using PowerShell.
Type this in Office 365 Exchange PowerShell
TRADEMARK LEGAL NOTICE
All product names, logos, and brands are the property of their respective owners in Austria or other countries. All company, product and service names used on this website are for identification purposes only. Pheniix is not affiliated with or an official partner of Cisco, CompTIA,Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security,Google, GNS3, F5, Python, Linux, Java, OpenStack, Vagrant, Ansible, Docker, GIT, , Blockchain or other companies. Use of these names, logos, and brands does not imply endorsement. The opinions expressed on pheniix are personal perspectives and not those of Cisco, Dimension Data or any other company. Pheniix runs as an independent blog.
#MikeGhahremani #CCIE #Microsoft #MicrosoftAzure #Exchange #Mail #MailServer #SecurityCenter #Cybersecurity #Security #CloudSecurity #InfoSec