Hot Posts

6/recent/ticker-posts

Microsoft to Default-Block More File Types in New Outlook and Outlook Web

Author June 11, 2025



In a continued effort to harden email security, Microsoft has announced that Outlook for Web and the New Outlook (Windows & Mac) will begin default-blocking additional potentially dangerous file types from being downloaded or opened.

This move aligns with Microsoft’s longstanding security practices in Outlook desktop apps but expands protections to cloud-based versions, which are widely used in both enterprise and personal environments.

🧱 What’s Changing?

Starting mid-2025, the New Outlook and Outlook Web App (OWA) will block more file extensions by default — including file types known for being exploited in malware and phishing attacks.

🔐 Key file types being newly blocked:

  • .app – Windows Application files
  • .gadget – Windows gadget files
  • .msi, .mst – Microsoft Installer files
  • .reg – Registry entries
  • .vbs, .js, .jse – Script files
  • .wsf, .wsh – Windows Script Host files
  • .ps1, .ps2 – PowerShell scripts
  • .cmd, .bat – Batch files

These file types are commonly used in malicious campaigns to deploy ransomware, steal credentials, or gain remote access.

🧭 Where You’ll Notice the Change

This block applies to:

  • Outlook Web App (OWA) – Used via browser
  • New Outlook for Windows & Mac – The redesigned, modern Outlook experience
  • Outlook in Microsoft 365 environments

Older classic Outlook desktop versions already block most of these files. This update simply brings parity across platforms and strengthens security for cloud and web users.

📩 What Happens If You Receive a Blocked File?

When someone sends an email with a newly-blocked file type:

  • You’ll see a warning that the file was blocked.
  • You won’t be able to download or preview it directly from Outlook.
  • The email itself will still arrive in your inbox, unless filtered by other security policies.

IT Admin Notes

Admins using Microsoft 365 Defender or Exchange Online Protection (EOP) should take note:

  • These changes affect client-side access, not server-side delivery.
  • Files may still be scanned by antivirus policies and rules set by your organization.

If your organization relies on any of the newly blocked file types for legitimate use cases, Microsoft recommends using OneDrive, SharePoint, or secure file-sharing platforms instead of attaching files directly to emails.

📅 When Will This Roll Out?

Microsoft has begun gradual rollout to Targeted Release customers and will push to Standard Release tenants by Q3 2025.

Author

Posted by Author

Post a Comment

0 Comments