O365-OU-000017 - Level 1 file attachments must be blocked from being delivered.

Information

This policy setting controls whether Outlook users can demote attachments to Level 2 by using a registry key, which will allow them to save files to disk and open them from that location. Outlook uses two levels of security to restrict access to files attached to email messages or other items. Files with specific extensions can be categorized as Level 1 (users cannot view the file) or Level 2 (users can open the file after saving it to disk). Users can freely open files of types that are not categorized as Level 1 or Level 2.

If you enable this policy setting, users can create a list of Level 1 file types to demote to Level 2 by adding the file types to the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level1Remove.

If this policy setting is disabled or not configured, users cannot demote Level 1 attachments to Level 2, and the HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level1Remove registry key has no effect.

Solution

Set the policy value for User Configuration >> Administrative Templates >> Microsoft Outlook 2016 >> Security >> Security Form Settings >> Attachment Security >> Remove file extensions blocked as Level 1 to 'Disabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Office_365_ProPlus_V3R1_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(1), CAT|II, CCI|CCI-001662, Rule-ID|SV-223362r961086_rule, STIG-ID|O365-OU-000017, STIG-Legacy|SV-108903, STIG-Legacy|V-99799, Vuln-ID|V-223362

Plugin: Windows

Control ID: 3e3c855f6261cb7ca17ecc2be55d8dfa323934a45003e27ce95a7f945e55a917