MS Outlook email, checking attachment security

[AleisterCrowley]

Afternoon all
Is it possible to configure Outlook so that it refuses to send emails with attachments which are not password protected?

thanks
AC

[Midsmartin]

That's interesting.

Office365 email (ie Exchange) lets you add a filter to do the opposite: block attachments that are password protected. I don't think you can do it your way simply within Outlook or Exchange.

The reason is that a virus scanner can't check the contents of a password protected file. For this reason, some companies may block receipt of password-protected files. It looks as though Outlook.com does, or used to, reject password-protected attachments entirely for this reason.

There may be a third party add-in that can do what you want (at the risk of all your emails being rejected!). This one for example might do it, though I've only briefly skimmed through the description:
https://www.mapilab.com/outlook/attachments_processor/attachments_zip_compressor_component.html

This sort of filtering may also happen at the server end, not the Outlook client on your desktop PC. eg, if you use Gmail, then gmail may offer such filtering (I haven't checked) though it seems unlikely for the reasons above.

What are you trying to achieve, and do you have a budget? For business purposes, there are all sorts of companies offering encrypted email services that let you send encrypted data. Actually what they generally do is store the data encrypted on a 3rd party server, and the recipient retrieves the file from the encrypted store.

I suppose you could block all attachments, and then selectively send things you want by other means - links to Onedrive, dropbox etc, where your files can be protected safely by a password.

[Infrasonic]

What are you trying to achieve, and do you have a budget? For business purposes, there are all sorts of companies offering encrypted email services that let you send encrypted data. Actually what they generally do is store the data encrypted on a 3rd party server, and the recipient retrieves the file from the encrypted store.

Also sending attachments in the current email environment of ransomware/phishing et al is possibly going to get you blocked or put on some grey list - even in a two way fully authenticated B2B contacts (SPF/DKIM/DMARC/ARC) policy environment it's probably better to send URL links to files to minimise inbox delivery issues.

[AleisterCrowley]

Thanks for responses (forgot I'd posted this, hence delay)
Basically it's an audit 'suggestion'/AFI

When sending files between parties we are supposed to password protect. I know it's not high security, and Inevitably there are occasional lapses.
Sounds like there is no easy way to do it. I'll have a word with our IT team re the main corporate Outlook, but we also have a standalone O365 which is used for the more sensitive stuff- I 'sort of' manage this, as nobody else wants to, but setting up password protection checking is probably beyond me.

[Infrasonic]

Thanks for responses (forgot I'd posted this, hence delay)
Basically it's an audit 'suggestion'/AFI

When sending files between parties we are supposed to password protect. I know it's not high security, and Inevitably there are occasional lapses.
Sounds like there is no easy way to do it. I'll have a word with our IT team re the main corporate Outlook, but we also have a standalone O365 which is used for the more sensitive stuff- I 'sort of' manage this, as nobody else wants to, but setting up password protection checking is probably beyond me.

Get your IT dept. to see how feasible it is to integrate some sort of 2FA system linked to your O365. Enterprise level packages should have systems available for that sort of thing, I'd imagine it would be near the top of the priority list for many businesses.
If you don't need anything for a large user base then MS authenticator might be enough - difficult to know without the use case specifics...https://www.microsoft.com/en-us/account/authenticator

Hardware keys are another option but that is more suited to a fixed user list scenario - if you need the flexibility for granting third parties file access it's less flexible...https://www.yubico.com/

[AleisterCrowley]

I've got 2FA switched on for our 'stand alone' O365 site already
I need to be able to stop people attaching files and sending via email if the document is unprotected

[Infrasonic]

I've got 2FA switched on for our 'stand alone' O365 site already
I need to be able to stop people attaching files and sending via email if the document is unprotected

OneDrive has a password protected encrypted vault, with the O365 business packages there aren't any restrictions to its size/number of folders and files AFAIK.
Have a look at Exchange and see if you can set up a rule to stop email attachments being sent out and force all files to be saved to the vault on OD with a URL link for shares... https://docs.microsoft.com/en-gb/search ... e%20online

Also have a look at automating MS cloud services... https://flow.microsoft.com/en-us/
Zapier is also powerful...https://zapier.com/
IFTTT (Pro for your use case)...https://ifttt.com

I've set up things in the past using Dropbox and OneDrive where Dropbox is used as a password/time limited isolated document read only /or edit share space for third parties and then a cloud sync was set up to OneDrive as a backup/archive on a manual trigger - once I was happy everything was clean (in an effort to prevent the potential spread of ransomware). That was for a limited number of users though, not sure how it would scale in your situation.

[Midsmartin]

I need to be able to stop people attaching files and sending via email if the document is unprotected

If you are using Office365 for email (now called Microsoft365)

log in to office.com as global admin. Go to "admin" -> show all-> Admin centres -> Exchange
Office.com webpages are very slow to load at the moment. just be patient.

Then go to Mail Flow -> Rules->create new rule
Call it "block attachments"
Click the little "more options" link at the bottom
Click "apply this rule if", select "attachment has.. these words in the file extension
Then add docx, doc, xlsx, xls pdf etc to the list

Under "do the following" choose "reject the message and include an explanation".
Add text along the lines of "attachments must be sent by password protected Sharepoint or Onedrive links for security"


Then test the rule - eg by adding a condition that it only applies to a particular sender, or user group, and have that user test it.

Make sure everyone knows how to send links by Onedrive/Sharepoint instead.
Note that if you share a link to Onedrive with "anyone with the link can access the file" security, then anyone who hacks into the mailbox can also access the link - but there is a "set password" sub-option in Onedrive you can use. There is probably a way of enforcing that passwords must be provided.

[Midsmartin]

I missed an optional step. Click the "add exception" button, and select "attachment is .. password protected" - this should now achieve precisely what you're looking for, I think.

Test thoroughly and see if your intended recipients can actually receive password protected attachments. They may not. Your new rule may also result in a lot of swearing!

Recipients will probably remove the password and save it unprotected on their own system anyway, and then send it to each other that way.

[Midsmartin]

Add an additional condition to the rule so it only applies to external recipients.

I don't have it in front of me any more, but you need to make sure it's not blocking incoming attachments.

[AleisterCrowley]

Thanks ! I will have have a go when I have some spare time (???!!!)

[Midsmartin]

Good luck! If you are worried about security, I'd strongly recommend that any users with admin rights on Office365 are set to use two factor authentication (and possibly all other users as well). There's no extra charge; you just have to set it up. Ask a friendly IT company for help if you need it.

I had a client whose Office365 was broken into. All incoming email was set to be copied to external gmail accounts - potentially a serious security breach. Multiple new mailboxes were created to send out phishing links to both their clients and random addresses. It was sometime before anyone noticed, as new email continued to arrive just as normal. Two factor authentication would have prevented it. And they got billed for the new accounts ! (refunded though).

Anyway, for your rule, to summarise, you want:
Apply where:
1) sender is yourself only, for testing. Change to any internal user later
2) recipient must be external (unless you want to include internal emails)
3) attachment with given file extensions
4) EXCEPT where attachment is password protected
5) and then reject with an explanation.

What happens if there are two attachments - one password protected, and one not? I've no idea - test it.

To configure security for sharing links via Onedrive and Sharepoint:

From Office.com ->admin, go to Sharepoint Admin -> policies-> sharing
There are several options. You might want to select "New and existing guests must sign in or provide a verification code.". There are multiple other options that allow you to restrict which of your users are allowed to share links externally, and more - read through all the options.
https://docs.microsoft.com/en-us/sharepoint/external-sharing-overview

[AleisterCrowley]

I've got 2FA enabled already - although I'm an unenthusiastic and barely competent Office365 admin!
I will have a go with the email rules, but 'sadly' we are locked out at the moment for reasons I can't go into...

(o/t I find the billing page really difficult to use - there's no nice logical presentation of invoices/payments/ balances, and MS seem to randomly debit/credit odd amounts at odd times)

thanks for the responses
AC

[Infrasonic]

https://www.microsoft.com/security/blog ... e-servers/

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

Cont.

Exchange online should have been patched already.

More here...https://arstechnica.com/information-tec ... -exchange/