The vast majority of files sent in emails that are part of our blocked extensions list are security threats. Should the need arise to share such a file, channels other than email should be used, such as file sharing through OneDrive or SharePoint.


Office Protect prelisted all potential harmful file extensions in the list on the right, you may add or remove file extension to the list to fit your organization’s needs. We will then adjust your Defender Anti-Malware policy accordingly.


Any sent or received email containing an attachment with an extension that is listed as dangerous will automatically be quarantined by Exchange Online Protection. The senders/recipients will not be notified of the action performed.


You can find the setting in the Microsoft Defender portal, by going to Email & Collaboration > Policies & Rules > Threat policies > Anti-Malware in the Policies section.


Operation to look for in the Unified Audit Logs: Set-MalwareFilterPolicy


Microsoft’s documentation about Anti-Malware policy: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-policies-configure?view=o365-worldwide