I'm looking to implement stricter policies for email attachments in M365. My plan is to create two separate policies: one for quarantining suspicious files and another for outright rejecting emails with certain types of attachments. There are so many file types to consider, and I want to strike a balance. For instance, while I want to block HTML files to prevent phishing, I'm worried about disrupting important internal communications that may use such attachments. I intend to allow some exceptions temporarily, especially if important reports can be sent in a different format, like PDF. I want to be cautious and track how many attachments we're receiving before making any drastic changes. I'm considering blocking common risky types like .exe, .scr, .docm, and .xlsm right away. I'd love to hear your experiences with this process—what's worked, what hasn't, and any tips you might have. Thanks!
1 Answer
Your strategy sounds solid! For the risky types, definitely block the obvious ones like .exe, .scr, .docm, and .xlsm right off the bat. For the gray areas like HTML files, I recommend quarantining them first instead of outright rejecting. This way, you'll have the option to recover any legitimate emails that might get caught up in your filters.
Just curious, in which business could you never receive legitimate macro-enabled formats?