Microsoft’s Exchange team has updated the File Types that is blocked in Outlook Web. The list has been updated as they see it can be risky downloading them in current scenarios. These new extension has been added to the BlockedFileTypes property of existing OwaMailboxPolicy objects. This change will prevent Outlook.com users from downloading attachments that have those file extensions. Microsoft will start rolling them out in October in Exchange Online.
New File Types blocked in Outlook on the Web
Since some of the files were not considered dangerous till date, they were being sent as an attachment, however, according to the evaluation, someone could be faking these attachment posing a risk. Once you have updated the software, the new blocks will be applicable. Here is the list:
- Python scripting language: “.py”, “.pyc”, “.pyo”, “.pyw”, “.pyz”, “.pyzw”
- PowerShell scripting language: “.ps1”, “.ps1xml”, “.ps2”, “.ps2xml”, “.psc1”, “.psc2”, “.psd1”, “.psdm1”, “.psd1”, “.psdm1”, “.cdxml”, “.pssc”
- Windows ClickOnce: “.appref-ms”
- Microsoft Data Access Components (MDAC): “.udl”
- Windows sandbox: “.wsb”
- Digital certificates: “.cer”, “.crt”, “.der”
- Java programming language: “.jar”, “.jnlp”
- Others: “.appcontent-ms”, “.settingcontent-ms”, “.cnt”, “.hpj”, “.website”, “.webpnp”, “.mcf”, “.printerexport”, “.pl”, “.theme”, “.vbp”, “.xbap”, “.xll”, “.xnk”, “.msu”, “.diagcab”, “.grp”
The last list of extensions are associated with vulnerabilities have been patched, and they are being blocked for the benifit of organizations that might still have older versions of the application software.
How to allow a particular file type for Outlook Web
To add a file extension to the AllowedFileTypes list:
$policy = Get-OwaMailboxPolicy [policy name] $allowedFileTypes = $policy.AllowedFileTypes $allowedFileTypes.Add(".foo") Set-OwaMailboxPolicy $policy -AllowedFileTypes $allowedFileTypes
Or you can use:
Set-OwaMailboxPolicy -Identity "<Policy Name>" -BlockedFileTypes @{Add=".foo"}
If you wish to remove an extension from BlockedFileTypes list in the future:
$policy = Get-OwaMailboxPolicy [policy name] $blockedFileTypes = $policy.BlockedFileTypes $blockedFileTypes.Remove(".foo") Set-OwaMailboxPolicy $policy -BlockedFileTypes $blockedFileTypes
Or
Set-OwaMailboxPolicy -Identity "<Policy Name>" -BlockedFileTypes @{Remove=".foo"}
Read more on the official post from the Exchange Team.