The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Create email rules to prevent Ransomware in Microsoft 365 Business

Download Windows Speedup Tool to fix errors and make PC run faster

Ransomware is one of the most painful versions of malware that locks down files, and even access to a computer. If you are using Microsoft office 365, then you can set up rules which will make sure to block some ransomware files. Email is the op source of Ransomware attacks where files are sent in the form of JavaScript, batch, and executables, and so on. This post will show how you can create email rules to prevent Ransomware in Microsoft 365 Business.

When using Exchange Online, all emails pass through the Exchange Online Protection (EOP). It quarantines and scans all emails and emails attachments in real-time, entering and leaving the system for viruses and other malware. So only when you want to customize administrators can make company-specific filtering customizations using the Exchange admin center.

Create email rules to prevent Ransomware in Microsoft 365

rules ransomware add extension

Microsoft 365 Business offers an admin center that can be configured to protect all the inboxes. You can increase the protection further by tweaking the rules applied to emails to strengthen further.

Go to Admin Center > Exchange > Choose Mail Flow from the menu on the left. Then click on the plus(+) symbol under the rules tab, and then choose the Create a new rule option.

Ransomware rule Microsoft Office 365

Once the rule page is open, enter the name of the rule, and click on More Options available at the end. Select Any Attachment under Apply this rule if, and then select file extension includes these words.

You can then choose to specify words or phrases, i.e., file extensions that you want the rule to be applied. Files that are known to carry Marcos or any executable can be stopped here. Use the plus (+) symbol to add them one at a time. Finally, scroll down to review the list, and if it’s alright, choose OK.

You can further customize it by adding a new condition. Choose to add a condition, and then choose a condition under Do the following. Here you can select to Notify the recipient with a message.  Then enter the notification message you want the recipient to see. Select OK.  An email will be sent to the recipients when an email with restricted attachments containing one of the specified extensions to warn them of the possible threat.

rules ransomware add extension

You can also add exceptions if there is a known trusted user when creating the rule. It will make sure that if you receive such files, it will not be blocked, and sent to the inbox directly.

Microsoft has built excellent features for both consumers and businesses. On Windows 10 PC, you can use the Windows Security App to safeguard files from Ransomware, and then you have tampered protection settings, which make sure your personal and system files are always secure.

For Businesses, Microsoft offers a plethora of settings and features to protect against Ransomware. These include Exchange Online Protection, Advanced Threat Protection (ATP), SharePoint Online, OneDrive protection, and Recycle Bins.

AshishMohta@TWC

Ashish holds a Bachelor's in Computer Engineering and is a veteran Windows. He has been a Microsoft MVP (2008-2010) and excels in writing tutorials to improve the day-to-day experience with your devices.