At a minimum, click-to-run files SHOULD be blocked (e.g., .exe, .cmd, and .vbe).

Why This Matters

Attackers frequently distribute malware through executable file types like .exe, .cmd, and .vbe, relying on users accidentally running them after clicking a link or opening an attachment. Without blocking these click-to-run file types in Exchange Online, your organization faces a higher risk of ransomware, trojans, and other malicious code executing on user workstations. IT administrators should block these file types in transport rules or anti-malware policies to enforce a basic security boundary against common attack vectors.

What Aether365 Checks

Aether365 verifies that your Exchange Online environment is configured to block at least the core click-to-run file extensions (.exe, .cmd, .vbe) in inbound and outbound messages. This check is displayed on your Aether365 dashboard under the microsoft-365 section.