Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

Blocking Potentially Dangerous Email Attachments [CHK-1020]

This check verifies if Microsoft Exchange is configured to block certain potentially dangerous file types in emails.

Rationale

Malware can infiltrate your organization via email attachments. Blocking certain file types, such as .exe, which can contain malicious code, can prevent this.

Fix

An automated fix is available through Attic.

Manual steps:

  • Sign in to the Microsoft 365 Defender portal.

  • Navigate to the "email and collaboration" section.

  • Select "policies" and then "policies and rules".

  • Select the "Anti-malware" policy.

  • Open the default policy.

  • Enable the "Common attachments filter" option.

  • Click on "Save" to apply the changes.

Impact

Enabling the file filter will prevent certain file types from being sent via email, reducing the risk of malware infiltration. It is advisable to inform your organization before activating the setting.

More Information

This measure aligns with the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:

  • CIS M365 4.1 - (L1) Ensure the Common Attachment Types Filter is enabled.