One popular way to spread malware is to send it as an attachment to someone’s inbox and asking them to open it. To lessen this type of abuse, Microsoft has added several additional file extensions to a block list that will prevent Outlook web users from downloading them. The firm says that these file types are rarely used so most organisations won’t be affected but if yours does need to send these files you can add them to the AllowedFileTypes of users’ OwaMailboxPolicy objects.
With this update, Microsoft has blocked several file types used by the Python scripting language, PowerShell scripting language, Windows ClickOnce, Microsoft Data Access Components (MDAC), Windows sandbox, digital certificates, and the Java programming language. For a complete list of affected file types, and the commands needed to whitelist those extensions, check out Microsoft’s blog post on the matter.
Commenting on the update, The Exchange Team at Microsoft said:
“Security of our customer’s data is our utmost priority, and we hope our customers will understand and appreciate this change. Change can be disruptive, so we hope the information here explains what we’re doing and why.”
While the option to send these files can be enabled, it’s entirely dependent on organisation administrators to alter the configurations. If you find yourself in a situation where these files are blocked but still need to send them, then there are plenty of other file sending services you could use.