How to make Office 365 Exchange block executable content

By Tony Wilson

Senior consultant

Indelible Data has found that many companies trying to comply with Cyber Essentials, particularly those wishing to prevent emailed executable files running without sufficient warning, are actually blocking valid, often important, files from arriving in user inboxes.
For example, the Cyber Essentials Plus test includes executables contained in zip (container) files and, during assessment, many of these are delivered to user inboxes where they often execute without warning. This can lead to a knee-jerk reaction where Office 365 Administrators issue a blanket ban on container files (some of which may contain important client documents or even signed contracts!).
Office 365 has some useful tools in its arsenal to block common executable files, including those found in container files such as zip, WinRAR and 7zip, while still delivering non-executable files. One such method is detailed below:
Please note that the Office 365 Admin interface is subject to change without warning and the following steps are to be seen as a guide to help create the rule.
1. Log in to the Admin Portal at https://admin.microsoft.com/Adminportal/Home#/homepage
2. Select the “Admin Centres” menu option and select “Exchange”
3. Select “Rules” from the items that have appeared under the “Mail Flow” section in the main pane.
4. Create a new rule by pressing the “+” icon and select “Create a new rule”
5. Give the rule a name
6. It is important to select “More Options…” at this point: only then does the “Apply this rule if…” drop-down list include the sub-options needed to pick the correct condition.
7. In the “Apply this rule if…” drop-down list, select “any attachment…” -> “has executable content”
8. Select the appropriate option from the “Do the following…” drop-down list (then test, test and test again to ensure the option chosen here is appropriate to your business).
9. Save and then test thoroughly.
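
The same rule can also be created from Exchange Online PowerShell, in audit mode first so that matches are logged without affecting delivery while you test. This script is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, and the rule name, admin address, rejection text and the choice of "reject" as the action are placeholders to adapt.

```powershell
# Added example: PowerShell equivalent of the portal steps above.
# Assumed values (not from the article): rule name, admin account, rejection text.
$RuleName   = 'Block executable attachments'
$AdminUpn   = 'admin@example.com'
$RejectText = 'Executable attachments are not accepted. Please contact the recipient.'

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Look for an existing rule of the same name so a re-run does not fail.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }

if (-not $existing) {
    # -AttachmentHasExecutableContent is the "any attachment... has executable
    # content" condition from step 7.
    # -Mode Audit records what the rule would have done in the message
    # tracking log but takes no action that affects delivery.
    New-TransportRule -Name $RuleName `
        -AttachmentHasExecutableContent $true `
        -RejectMessageReasonText $RejectText `
        -Mode Audit `
        -SetAuditSeverity High `
        -Comments 'Created in audit mode for testing before enforcement'
}

# Confirm what was actually configured before sending any test messages.
Get-TransportRule | Where-Object { $_.Name -eq $RuleName } |
    Format-List Name, State, Mode, AttachmentHasExecutableContent, RejectMessageReasonText

# Once test messages (plain documents, archives of documents, archives
# containing executables) behave as expected, switch the rule to enforcement:
# Set-TransportRule -Identity $RuleName -Mode Enforce

Disconnect-ExchangeOnline -Confirm:$false
```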

It is important to note that the above steps should be rolled out only after full testing has been conducted in an environment where, should valid files be blocked for whatever reason, the system can be restored and the files delivered.
Indelible Data Limited cannot be held responsible, or liable, for any unforeseen loss or damage to information after the above steps have been followed.

This is Part 1 of a series of Blogs designed to assist companies in making Cyber Essentials Plus a practical and workable Certification.