4.1 Ensure the Common Attachment Types Filter is enabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The Common Attachment Types Filter lets a user block known and custom malicious file types from being attached to emails.

Rationale:

Blocking known malicious file types can help prevent malware-infested files from infecting a host.

Impact:

Blocking common malicious file types should not cause an impact in modern computing environments.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To enable the Common Attachment Types Filter, use the Microsoft 365 Admin Portal:

Navigate to the Microsoft Admin Center and click Security.

Under Email & collaboration > Threat policies.

Select Anti-malware and click on the Default policy.

In the Edit tab under at the bottom click on Edit protection settings, check the Enable the common attachments filter

To enable the Common Attachment Types Filter, use the Exchange Online PowerShell Module:

Connect to Exchange Online using Connect-ExchangeOnline.

Run the following Exchange Online PowerShell command:

Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true

Default Value:

off

See Also

https://workbench.cisecurity.org/files/3729