Attachment Blocking in Office 365

Office 365 and Microsoft Outlook include a security feature that blocks attachments that might put your computer at risk. Attachments that are known to be unsafe are added to a block list. 

When receiving a message in Outlook with an attachment that is on the block list, the attachment will be stripped from the message and the user will see the message: “Outlook blocked access to the following potentially unsafe attachments: <list of file blocked>"

payload

When sending a message with an attachment type on the block list, Outlook will warn the user that the attachment may not be received by Outlook users. 

outlook warning screenshot

When sending or receiving a message in Office 365 with an attachment that is on the block list, a red icon is placed over the attachment and it cannot be previewed or downloaded.

payload

Blocked Attachments:

Attachment Type

Description of Extension Use

".py", ".pyc", ".pyo", ".pyw", ".pyz", ".pyzw"

Python scripting language

".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2", ".psd1", ".psdm1", “.cdxml”, “.pssc”

PowerShell scripting language

“.appref-ms”

Windows ClickOnce

“.udl”

Microsoft Data Access Components (MDAC)

“.wsb”

Windows Sandbox

".cer", ".crt", ".der"

Digital Certificates

".jar", ".jnlp"

Java programming language

".appcontent-ms", ".settingcontent-ms", ".cnt", ".hpj", ".website", ".webpnp", ".mcf", ".printerexport", ".pl", ".theme", ".vbp", ".xbap", ".xll", ".xnk", ".msu", ".diagcab", ".grp" ".src"
".pif", ".ace", ".ani", ".app"

Various Applications, commonly vulnerable to exploits

If you need to send an attachment that is on the block list, there are a number of options to get the file to the destination. Some of these include, using file compression (e.g. zip) to change the file type, or sharing the file through the HEAnet fileshare service or other means. To see the complete list with instructions, review the following Microsoft help document.