Home
%3CLINGO-SUB%20id%3D%22lingo-sub-875215%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-875215%22%20slang%3D%22en-US%22%3E%3CP%3EVery%20meaningful%20change.%20Regarding%20the%20short%20version%20of%20adding%20a%20file%20type%2C%20should%20it%20not%20be%20Set-OwaMailboxPolicy%20-Identity%20%22%22%20-BlockedFileTypes%20%40%7BAdd%3D%22.foo%22%7D%20with%20Add%20instead%20of%20Remove%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-875790%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-875790%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F415208%22%20target%3D%22_blank%22%3E%40cehrit%3C%2FA%3E%26nbsp%3B%20You%20win%20today's%20prize%20for%20today%20the%20'deliberate'%20mistake.%20Well%20done!%20I%20win%20today's%20prize%20for%20worst%20copy%20and%20paste.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAll%20fixed%20now%2C%20and%20glad%20you%20like%20the%20change.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-877633%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-877633%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20Greg%3A%20When%20does%20this%20change%20roll%20out%2C%20where%3F%20I%20am%20guessing%20Exchange%20Online%20first%2C%20then%20the%20next%20Exchange%20Server%20cumulative%20updates%3F%3C%2FP%3E%3CP%3ERob%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-879505%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-879505%22%20slang%3D%22en-US%22%3EIt%20appears%20that%20%22.psd1%22%20is%20listed%20twice%20-%20is%20that%20a%20duplicate%20or%20is%20there%20another%20extension%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-878138%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-878138%22%20slang%3D%22en-US%22%3E%3CP%3ERob%2C%20changes%20start%20rolling%20out%20from%20November%20in%20Exchange%20Online%2C%20they%20will%20come%20to%20on-prem%20in%20a%20future%20CU.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-880232%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-880232%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F416430%22%20target%3D%22_blank%22%3E%40bsommers%3C%2FA%3E%26nbsp%3B-%20you%20win%20the%20second%20eagle%20eye%20prize%20and%20I%20shall%20hang%20my%20head%20in%20shame%20-%20for%20the%20second%20time.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20for%20spotting%20that%20(there%20was%20one%20other%20duplicate%20too%20which%20I%20fixed)%2C%20all%20good%20now%20I%20hope.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-882213%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-882213%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3BHow%20do%20I%20manage%20this%20for%20my%20IT%20team%3F%20They%20will%20often%20be%20sharing%20PowerShell%20and%20certificates%20-%20but%20don't%20want%20to%20open%20this%20up%20for%20my%20whole%20organisation...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-883670%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-883670%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20you%20aware%20that%20.appref-ms%20%2F%20clickonce%20is%20used%20by%20your%20own%20eDiscovery%20service%20for%20Exchange%20Online%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fpolicy-and-compliance%2Fediscovery%2Fexport-results-to-pst%3Fview%3Dexchserver-2019%26amp%3BviewFallbackFrom%3Dexchonline-ww%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fpolicy-and-compliance%2Fediscovery%2Fexport-results-to-pst%3Fview%3Dexchserver-2019%26amp%3BviewFallbackFrom%3Dexchonline-ww%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-884089%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-884089%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F417317%22%20target%3D%22_blank%22%3E%40mr_kitson%3C%2FA%3E%26nbsp%3B%20-%26nbsp%3BYou%20can%26nbsp%3Buse%20the%20New-OwaMailboxPolicy%20and%20Set-OwaMailboxPolicy%20cmdlets%20to%20create%20and%20configure%20a%20new%20policy%20that%20meets%20the%20needs%20of%20your%20IT%20staff%2C%20and%20then%20use%20the%20Set-CasMailbox%20cmdlet%20to%20assign%20that%20policy%20to%20those%20people.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F417678%22%20target%3D%22_blank%22%3E%40lochii%3C%2FA%3E%26nbsp%3B-%20yes%2C%20but%20sending%20them%20to%20someone%20as%20a%20clickable%20link%20in%20an%20email%20isn't%20recommended.%20If%20you%20want%20to%20create%20an%20exception%20for%20that%20type%20you%20can%20do%20so%20using%20the%20steps%20in%20the%20article.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-885396%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-885396%22%20slang%3D%22en-US%22%3EAlso%20regarding%20the%20first%20clever%20shortcut%20for%20adding%20a%20file%20type%20-%20should%20it%20not%20be%20-AllowedFileTypes%20rather%20than%20-BlockedFileTypes%3F%20Sorry.%20Thanks%20for%20the%20useful%20post.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-885867%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-885867%22%20slang%3D%22en-US%22%3E%3CP%3EHello!%26nbsp%3B%26nbsp%3B%20Why%20should%20certificate%20files%20be%20blocked%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-885971%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-885971%22%20slang%3D%22en-US%22%3E%3CP%3EOh%20hey%2C%20I've%20got%20one%3A%26nbsp%3B%3CEM%3Ecustomer's%3C%2FEM%3E%20is%20possessive%20for%20a%20single%20customer.%20I%20think%20you%20meant%26nbsp%3B%3CEM%3Ecustomers'%3C%2FEM%3E.%20First%20few%20words%20of%20the%20last%20paragraph.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-886016%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-886016%22%20slang%3D%22en-US%22%3E%3CP%3EWill%20these%20file%20types%20be%20blocked%20just%20in%20Outlook%20web%20app%20or%20will%20this%20also%20impact%20the%20desktop%20apps%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-874451%22%20slang%3D%22en-US%22%3EChanges%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-874451%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20will%20soon%20be%20adding%20several%20additional%20file%20extensions%20to%20the%20BlockedFileTypes%20property%20of%20existing%20OwaMailboxPolicy%20objects.%20This%20change%20will%20prevent%20Outlook%20on%20the%20web%20users%20from%20downloading%20attachments%20that%20have%20those%20file%20extensions.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1626430400%22%20id%3D%22toc-hId-1626430400%22%20id%3D%22toc-hId-1626430400%22%20id%3D%22toc-hId-1626430400%22%20id%3D%22toc-hId-1626430400%22%20id%3D%22toc-hId-1626430400%22%20id%3D%22toc-hId-1626430400%22%20id%3D%22toc-hId-1626430400%22%20id%3D%22toc-hId-1626430400%22%3EWhy%20are%20we%20making%20this%20change%3F%3C%2FH3%3E%0A%3CP%3EWe%E2%80%99re%20always%20evaluating%20ways%20to%20improve%20security%20for%20our%20customers%2C%20and%20so%20we%20took%20the%20time%20to%20audit%20the%20existing%20blocked%20file%20list%20and%20update%20it%20to%20better%20reflect%20the%20file%20types%20we%20see%20as%20risks%20today.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--925726561%22%20id%3D%22toc-hId--925726561%22%20id%3D%22toc-hId--925726561%22%20id%3D%22toc-hId--925726561%22%20id%3D%22toc-hId--925726561%22%20id%3D%22toc-hId--925726561%22%20id%3D%22toc-hId--925726561%22%20id%3D%22toc-hId--925726561%22%20id%3D%22toc-hId--925726561%22%3EHow%20does%20this%20affect%20me%3F%3C%2FH3%3E%0A%3CP%3EThe%20newly%20blocked%20file%20types%20are%20rarely%20used%2C%20so%20most%20organizations%20will%20not%20be%20affected%20by%20the%20change.%20However%2C%20if%20your%20users%20are%20sending%20and%20receiving%20affected%20attachments%2C%20they%20will%20report%20that%20they%20are%20no%20longer%20able%20to%20download%20them.%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-817083774%22%20id%3D%22toc-hId-817083774%22%20id%3D%22toc-hId-817083774%22%20id%3D%22toc-hId-817083774%22%20id%3D%22toc-hId-817083774%22%20id%3D%22toc-hId-817083774%22%20id%3D%22toc-hId-817083774%22%20id%3D%22toc-hId-817083774%22%20id%3D%22toc-hId-817083774%22%3EHow%20can%20I%20prepare%20for%20this%20change%3F%3C%2FH3%3E%0A%3CP%3EIf%20your%20organization%20requires%20that%20users%20be%20able%20to%20download%20attachment%20of%20these%20types%20from%20OWA%2C%26nbsp%3Byou%20should%20first%20ensure%20that%20our%20organization's%20operating%20systems%20and%20application%20software%20are%20up-to-date%20(in%20the%20case%20files%20that%20are%20opened%20by%20application%20software)%20or%20ensure%20that%20your%20users%20are%20familiar%20with%20the%20risks%20associated%20with%20the%20file%20types%20(in%20the%20case%20of%20files%20that%20are%20interpreted%20by%20scripting%20software).%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20want%20a%20particular%20file%20type%20to%20be%20allowed%2C%20you%20can%20add%20that%20file%20type%20to%20the%20AllowedFileTypes%20property%20of%20your%20users'%20OwaMailboxPolicy%20objects.%3C%2FP%3E%0A%3CP%3ENote%3A%20In%20order%20to%20minimize%20disruption%20from%20this%20change%2C%20we%20will%20%3CEM%3Enot%20%3C%2FEM%3Eadd%20a%20file%20extension%20to%20a%20policy's%20BlockedFileTypes%20list%20if%20that%20extension%20is%20already%20present%20in%20the%20AllowedFileTypes%20list.%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20add%20a%20file%20extension%20to%20the%20AllowedFileTypes%20list%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%24policy%20%3D%20Get-OwaMailboxPolicy%20%5Bpolicy%20name%5D%0A%24allowedFileTypes%20%3D%20%24policy.AllowedFileTypes%0A%24allowedFileTypes.Add(%22.foo%22)%0ASet-OwaMailboxPolicy%20%24policy%20-AllowedFileTypes%20%24allowedFileTypes%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOr%20if%20you%20want%20(brought%20to%20you%20as%20part%20of%20the%20service%20that%20tries%20to%20teach%20you%20clever%20shortcuts)%20you%20can%20use%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3ESet-OwaMailboxPolicy%20-Identity%20%22%3CPOLICY%20name%3D%22%22%3E%22%20-AllowedFileTypes%20%40%7BAdd%3D%22.foo%22%7D%3C%2FPOLICY%3E%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20wish%20to%20remove%20any%20extension%20from%20BlockedFileTypes%20list%20in%20the%20future%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%24policy%20%3D%20Get-OwaMailboxPolicy%20%5Bpolicy%20name%5D%0A%24blockedFileTypes%20%3D%20%24policy.BlockedFileTypes%0A%24blockedFileTypes.Remove(%22.foo%22)%0ASet-OwaMailboxPolicy%20%24policy%20-BlockedFileTypes%20%24blockedFileTypes%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAgain%2C%20or%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3ESet-OwaMailboxPolicy%20-Identity%20%22%3CPOLICY%20name%3D%22%22%3E%22%20-BlockedFileTypes%20%40%7BRemove%3D%22.foo%22%7D%3C%2FPOLICY%3E%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20order%20to%20determine%20which%20OwaMailboxPolicy%20object%20governs%20a%20particular%20user's%20Outlook%20on%20the%20Web%20experience%2C%20run%20the%20following%20commands%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%24casMailbox%20%3D%20Get-CasMailbox%20%5Bemail%20address%5D%0A%24casMailbox.OwaMailboxPolicy%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1735073187%22%20id%3D%22toc-hId--1735073187%22%20id%3D%22toc-hId--1735073187%22%20id%3D%22toc-hId--1735073187%22%20id%3D%22toc-hId--1735073187%22%20id%3D%22toc-hId--1735073187%22%20id%3D%22toc-hId--1735073187%22%20id%3D%22toc-hId--1735073187%22%20id%3D%22toc-hId--1735073187%22%3EWhat%20file%20extensions%20will%20be%20added%20to%20the%20BlockedFileTypes%20list%20with%20this%20change%3F%3C%2FH3%3E%0A%3CP%3EThe%20following%20extensions%20are%20used%20by%20the%20Python%20scripting%20language%3A%3C%2FP%3E%0A%3CP%3E%22.py%22%2C%20%22.pyc%22%2C%20%22.pyo%22%2C%20%22.pyw%22%2C%20%22.pyz%22%2C%20%22.pyzw%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20following%20extensions%20are%20used%20by%20the%20PowerShell%20scripting%20language%3A%3C%2FP%3E%0A%3CP%3E%22.ps1%22%2C%20%22.ps1xml%22%2C%20%22.ps2%22%2C%20%22.ps2xml%22%2C%26nbsp%3B%22.psc1%22%2C%20%22.psc2%22%2C%20%22.psd1%22%2C%20%22.psdm1%22%2C%20%E2%80%9C.cdxml%E2%80%9D%2C%20%E2%80%9C.pssc%E2%80%9D%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20following%20extension%20is%20used%20by%20Windows%20ClickOnce%3C%2FP%3E%0A%3CP%3E%E2%80%9C.appref-ms%E2%80%9D%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20following%20extension%20is%20used%20by%20Microsoft%20Data%20Access%20Components%20(MDAC)%3C%2FP%3E%0A%3CP%3E%E2%80%9C.udl%E2%80%9D%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20following%20extension%20is%20used%20by%20the%20Windows%20sandbox%3C%2FP%3E%0A%3CP%3E%E2%80%9C.wsb%E2%80%9D%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20following%20extensions%20are%20used%20for%20digital%20certificates%3A%3C%2FP%3E%0A%3CP%3E%22.cer%22%2C%20%22.crt%22%2C%20%22.der%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20following%20extensions%20are%20used%20by%20the%20Java%20programming%20language%3A%3C%2FP%3E%0A%3CP%3E%22.jar%22%2C%20%22.jnlp%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20following%20extensions%20are%20used%20by%20various%20applications.%20While%20the%20associated%20vulnerabilities%20have%20been%20patched%20(for%20years%2C%20in%20most%20cases)%2C%20they%20are%20being%20blocked%20for%20the%20benefit%20of%20organizations%20that%20might%20still%20have%20older%20versions%20of%20the%20application%20software%20in%20use%3A%3C%2FP%3E%0A%3CP%3E%22.appcontent-ms%22%2C%20%22.settingcontent-ms%22%2C%26nbsp%3B%22.cnt%22%2C%20%22.hpj%22%2C%26nbsp%3B%22.website%22%2C%20%22.webpnp%22%2C%26nbsp%3B%22.mcf%22%2C%26nbsp%3B%22.printerexport%22%2C%20%22.pl%22%2C%20%22.theme%22%2C%20%22.vbp%22%2C%26nbsp%3B%22.xbap%22%2C%20%22.xll%22%2C%20%22.xnk%22%2C%20%22.msu%22%2C%20%22.diagcab%22%2C%20%22.grp%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESecurity%20of%20our%20customers'%20data%20is%20our%20utmost%20priority%2C%20and%20we%20hope%20our%20customers%20will%20understand%20and%20appreciate%20this%20change.%20Change%20can%20be%20disruptive%2C%20so%20we%20hope%20the%20information%20here%20explains%20what%20we%E2%80%99re%20doing%20and%20why.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22author%22%3EThe%20Exchange%20Team%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-874451%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20will%20soon%20be%20adding%20several%20additional%20file%20extensions%20to%20the%20BlockedFileTypes%20property%20of%20existing%20OwaMailboxPolicy%20objects.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-874451%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAnnouncements%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOWA%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Etransport%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-887616%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-887616%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F404146%22%20target%3D%22_blank%22%3E%40chalmerstax%3C%2FA%3E%26nbsp%3B-%20I'm%20going%20to%20fire%20the%20person%20who%20proof%20read%20this%20blog%20post%20given%20how%20many%20small%20errors%20are%20in%20it.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F286851%22%20target%3D%22_blank%22%3E%40richardmanley3%3C%2FA%3E%26nbsp%3B%20-%20sorry%2C%20I%20can't%20answer%20this%2C%20I%20just%20got%20fired.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E(the%20answer%20is%20in%20the%20title...)%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-887690%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-887690%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20the%20heads%20up.%20Are%20you%20able%20to%20define%20%22soon%22%20to%20an%20expected%20timeframe%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-887711%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-887711%22%20slang%3D%22en-US%22%3E%3CP%3EAlso%2C%20where%20can%20I%20find%20a%20list%20of%20the%20file%20types%20that%20are%20currently%20blocked%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-887714%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-887714%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20this%20also%20take%20effect%20on%20Android%20and%20iOS%20applications%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-888113%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-888113%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F197654%22%20target%3D%22_blank%22%3E%40greg%3C%2FA%3E%20Taylor%20fair%20comment%2C%20it%20is%20in%20the%20title!%26nbsp%3B%20Just%20checking%20as%20I%20know%20our%20service%20desk%20will%20ask%20%3A)%3C%2Fimg%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-899294%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-899294%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20certs%20are%20blocked%2C%20does%20that%20mean%20signed%20and%20encrypted%20emails%20are%20no%20longer%20accessible%20via%20Outlook%20on%20the%20web%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-899609%22%20slang%3D%22en-US%22%3ERe%3A%20Changes%20to%20File%20Types%20Blocked%20in%20Outlook%20on%20the%20web%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-899609%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F422008%22%20target%3D%22_blank%22%3E%40flinderbahn%3C%2FA%3E%26nbsp%3B-%20no.%20Certs%20sent%20as%20attachments%20are%20blocked.%20That's%20not%20how%20signed%20and%20encrypted%20emails%20are%20made.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E

We will soon be adding several additional file extensions to the BlockedFileTypes property of existing OwaMailboxPolicy objects. This change will prevent Outlook on the web users from downloading attachments that have those file extensions.

Why are we making this change?

We’re always evaluating ways to improve security for our customers, and so we took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today.

How does this affect me?

The newly blocked file types are rarely used, so most organizations will not be affected by the change. However, if your users are sending and receiving affected attachments, they will report that they are no longer able to download them.

How can I prepare for this change?

If your organization requires that users be able to download attachment of these types from OWA, you should first ensure that our organization's operating systems and application software are up-to-date (in the case files that are opened by application software) or ensure that your users are familiar with the risks associated with the file types (in the case of files that are interpreted by scripting software). 

If you want a particular file type to be allowed, you can add that file type to the AllowedFileTypes property of your users' OwaMailboxPolicy objects.

Note: In order to minimize disruption from this change, we will not add a file extension to a policy's BlockedFileTypes list if that extension is already present in the AllowedFileTypes list. 

To add a file extension to the AllowedFileTypes list:

 

 

$policy = Get-OwaMailboxPolicy [policy name]
$allowedFileTypes = $policy.AllowedFileTypes
$allowedFileTypes.Add(".foo")
Set-OwaMailboxPolicy $policy -AllowedFileTypes $allowedFileTypes

 

 

Or if you want (brought to you as part of the service that tries to teach you clever shortcuts) you can use:

 

 

Set-OwaMailboxPolicy -Identity "<Policy Name>" -AllowedFileTypes @{Add=".foo"}

 

 

If you wish to remove any extension from BlockedFileTypes list in the future:

 

 

$policy = Get-OwaMailboxPolicy [policy name]
$blockedFileTypes = $policy.BlockedFileTypes
$blockedFileTypes.Remove(".foo")
Set-OwaMailboxPolicy $policy -BlockedFileTypes $blockedFileTypes

 

 

Again, or:

 

 

Set-OwaMailboxPolicy -Identity "<Policy Name>" -BlockedFileTypes @{Remove=".foo"}

 

 

In order to determine which OwaMailboxPolicy object governs a particular user's Outlook on the Web experience, run the following commands:

 

 

$casMailbox = Get-CasMailbox [email address]
$casMailbox.OwaMailboxPolicy

 

 

What file extensions will be added to the BlockedFileTypes list with this change?

The following extensions are used by the Python scripting language:

".py", ".pyc", ".pyo", ".pyw", ".pyz", ".pyzw"

 

The following extensions are used by the PowerShell scripting language:

".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2", ".psd1", ".psdm1", “.cdxml”, “.pssc”

 

The following extension is used by Windows ClickOnce

“.appref-ms”

 

The following extension is used by Microsoft Data Access Components (MDAC)

“.udl”

 

The following extension is used by the Windows sandbox

“.wsb”

 

The following extensions are used for digital certificates:

".cer", ".crt", ".der"

 

The following extensions are used by the Java programming language:

".jar", ".jnlp"

 

The following extensions are used by various applications. While the associated vulnerabilities have been patched (for years, in most cases), they are being blocked for the benefit of organizations that might still have older versions of the application software in use:

".appcontent-ms", ".settingcontent-ms", ".cnt", ".hpj", ".website", ".webpnp", ".mcf", ".printerexport", ".pl", ".theme", ".vbp", ".xbap", ".xll", ".xnk", ".msu", ".diagcab", ".grp"

 

Security of our customers' data is our utmost priority, and we hope our customers will understand and appreciate this change. Change can be disruptive, so we hope the information here explains what we’re doing and why.

 

The Exchange Team

20 Comments
Frequent Visitor

Very meaningful change. Regarding the short version of adding a file type, should it not be Set-OwaMailboxPolicy -Identity "" -BlockedFileTypes @{Add=".foo"} with Add instead of Remove?

@cehrit  You win today's prize for today the 'deliberate' mistake. Well done! I win today's prize for worst copy and paste. 

 

All fixed now, and glad you like the change. 

Occasional Contributor

Hi, Greg: When does this change roll out, where? I am guessing Exchange Online first, then the next Exchange Server cumulative updates?

Rob

Rob, changes start rolling out from November in Exchange Online, they will come to on-prem in a future CU. 

Occasional Visitor
It appears that ".psd1" is listed twice - is that a duplicate or is there another extension?

@bsommers - you win the second eagle eye prize and I shall hang my head in shame - for the second time. 

 

Thanks for spotting that (there was one other duplicate too which I fixed), all good now I hope. 

Occasional Visitor

@Greg Taylor - EXCHANGE How do I manage this for my IT team? They will often be sharing PowerShell and certificates - but don't want to open this up for my whole organisation...

Occasional Visitor

Are you aware that .appref-ms / clickonce is used by your own eDiscovery service for Exchange Online? 

 

https://docs.microsoft.com/en-us/exchange/policy-and-compliance/ediscovery/export-results-to-pst?vie...

 

@mr_kitson  - You can use the New-OwaMailboxPolicy and Set-OwaMailboxPolicy cmdlets to create and configure a new policy that meets the needs of your IT staff, and then use the Set-CasMailbox cmdlet to assign that policy to those people.

@lochii - yes, but sending them to someone as a clickable link in an email isn't recommended. If you want to create an exception for that type you can do so using the steps in the article. 

Occasional Visitor
Also regarding the first clever shortcut for adding a file type - should it not be -AllowedFileTypes rather than -BlockedFileTypes? Sorry. Thanks for the useful post.
Senior Member

Hello!   Why should certificate files be blocked?

Occasional Visitor

Oh hey, I've got one: customer's is possessive for a single customer. I think you meant customers'. First few words of the last paragraph.

Frequent Visitor

Will these file types be blocked just in Outlook web app or will this also impact the desktop apps?

@chalmerstax - I'm going to fire the person who proof read this blog post given how many small errors are in it. 

@richardmanley3  - sorry, I can't answer this, I just got fired. 

 

(the answer is in the title...) 

Occasional Visitor

Thanks for the heads up. Are you able to define "soon" to an expected timeframe?

Occasional Visitor

Also, where can I find a list of the file types that are currently blocked?

Occasional Visitor

Does this also take effect on Android and iOS applications?

Frequent Visitor

@greg Taylor fair comment, it is in the title!  Just checking as I know our service desk will ask :)

Occasional Visitor

If certs are blocked, does that mean signed and encrypted emails are no longer accessible via Outlook on the web?

@flinderbahn - no. Certs sent as attachments are blocked. That's not how signed and encrypted emails are made.