Office 365 – Anti Malware Policy/ Mail Flow rule – Detected PS1 file – Email Attachment

A good starting point for this exercise was to find the Microsoft Post on Mail Flow rules to inspect message attachments. Available here. There is also a good reference page on common blocking scenarios.

Recently some of our users received received PS1 files as attachments. We wanted to raise awareness to our users about PS1 files by adding an additional disclaimer in emails received with PS1 attached file types.

If you try to send a PS1 file as an attachment, you will often get a notification, but it allows you to send the email.

Users of Outlook might receive the email still and be notified of a potentially unsafe attachment. Which is good. But what if they weren’t using Outlook?

Web Mail “Outlook” will give you a “No Entry” sign

Challenge : How do we create a mail flow rule to add a disclaimer to inbound emails with PS1 files attached?

How to Guide : Create Mail Flow Rules

Start in “Microsoft 365 Admin Center” and browse to “Exchange” Admin Center

You can created new rules by selecting “Mail Flow” > “Rules” > “+”> “Create a new rule”

This example Appends the Disclaimer when a PS1 file is recieved

Additional options (Optional)

Rule is configured

.. Test Mail example sent to a Microsoft 365 Exchange Mail box – Disclaimer added. See example screen shot below.