Information
The Common Attachment Types Filter lets a user block known and custom malicious file types from being attached to emails.
Rationale:
Blocking known malicious file types can help prevent malware-infested files from infecting a host.
Impact:
Blocking common malicious file types should not cause an impact in modern computing environments.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To enable the Common Attachment Types Filter:
Navigate to Microsoft 365 Defender https://security.microsoft.com.
Click to expand Email & collaboration select Policies & rules.
On the Policies & rules page select Threat policies.
Under polices select Anti-malware and click on the Default (Default) policy.
On the Policy page that appears on the right hand pane scroll to the bottom and click on Edit protection settings, check the Enable the common attachments filter.
Click Save.
To enable the Common Attachment Types Filter using PowerShell:
Connect to Exchange Online using Connect-ExchangeOnline.
Run the following Exchange Online PowerShell command:
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true
NOTE: Audit and Remediation guidance may focus on the Default policy however, if a Custom Policy exists in the organization's tenant then ensure the setting is set as outlined in the highest priority policy listed.
Default Value:
Always on