Office Protect Settings - Block “Bad” File Extension Attachments
The vast majority of files sent in emails that are part of our blocked extensions list are security threats. Should the need arise to share such a file, channels other than email should be used, such as file sharing through OneDrive or SharePoint.
Office Protect prelisted all potential harmful file extensions in the list on the right, you may add or remove file extension to the list to fit your organization’s needs. We will then adjust your Exchange Anti-Malware policy protection setting accordingly.
Any sent or received email containing an attachment with an extension that is listed as dangerous will automatically be quarantined by Exchange Online Protection. The senders/recipients will not be notified of the action performed.
You can find the setting in the Security Center, in the Threat Management/Policy/Anti-Malware section.
Operation to look for in the Unified Audit Logs: Set-MalwareFilterPolicy
Microsoft’s documentation about Anti-Malware policy: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-worldwide