This is possibly a feature used by many, but I still see customers from time to time who could benefit from this rule. Even for those who do use it, there is something interesting that was just released in Office 365: the ability to notify the end user when an action was triggered by a transport rule.
Imagine the possibilities: you can let the user know when a message was marked as spam by a transport rule and moved to their Junk folder. Cool!
Let's get back to the main topic now: aggressive malware protection. You can do this by creating a transport rule to block executable content. Why do this? It provides additional protection against zero-day malware. I always recommend that the rule not delete messages as its action, but move them to the Hosted Quarantine instead. This means that you still have 7 days to check the Quarantine for any legitimate messages that may have been caught by your newly created transport rule. It should probably look like this:
What I created here is a rule that will block an executable file (even if the file is archived or its extension has been renamed). In addition, I have added a second action: the user will be notified with a message that contains the following details:
A message sent to you was blocked by the Administrator - Executable content detected! <br><br>
Date: %%MessageDate%% UTC<br>
From: %%From%%<br>
To: %%To%%<br>
CC: %%Cc%%<br>
Subject: %%Subject%%
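The same rule can be created and checked from Exchange Online PowerShell. This is an added example, not part of the original post: the rule name is made up for illustration, and an already connected Exchange Online session with rights to manage transport rules is assumed.

```powershell
# Assumption: an Exchange Online PowerShell session is already connected
# (for example with Connect-ExchangeOnline).

# Hypothetical rule name, chosen for this example.
$ruleName = 'Block executable attachments (quarantine + notify)'

# Notification text from the post; the %%...%% tokens are filled in per message.
$notification = @'
A message sent to you was blocked by the Administrator - Executable content detected! <br><br>
Date: %%MessageDate%% UTC<br>
From: %%From%%<br>
To: %%To%%<br>
CC: %%Cc%%<br>
Subject: %%Subject%%
'@

# Create the rule only if it does not exist yet, so the script can be re-run safely.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    # Condition: any attachment with executable content.
    # Actions: move to the hosted quarantine (not delete) and notify the recipient.
    New-TransportRule -Name $ruleName `
        -AttachmentHasExecutableContent $true `
        -Quarantine $true `
        -GenerateNotification $notification `
        -Comments 'Quarantine executable attachments and notify the recipient'
}

# Confirm what was actually stored for the rule.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, AttachmentHasExecutableContent, Quarantine, GenerateNotification

# Review what transport rules have quarantined over the last 7 days,
# the window the post gives for checking the Quarantine.
$end   = Get-Date
$start = $end.AddDays(-7)
Get-QuarantineMessage -Type TransportRule -StartReceivedDate $start -EndReceivedDate $end |
    Sort-Object ReceivedTime -Descending |
    Format-Table ReceivedTime, SenderAddress, Subject, Expires -AutoSize
```

A message that turns out to be legitimate can then be released from the quarantine with `Release-QuarantineMessage`, using the `Identity` value returned by `Get-QuarantineMessage`.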
The file types covered by this rule are listed in the table below:

| Type of file | Native extension |
| --- | --- |
| Self-extracting archive file created with the WinRAR archiver. | .rar |
| 32-bit Windows executable file with a dynamic link library extension. | .dll |
| Self-extracting executable program file. | .exe |
| Java archive file. | .jar |
| Uninstallation executable file. | .exe |
| Program shortcut file. | .exe |
| Compiled source code file or 3-D object file or sequence file. | .obj |
| 32-bit Windows executable file. | .exe |
| Microsoft Visio XML drawing file. | .vxd |
| OS/2 operating system file | .os2 |
| 16-bit Windows executable file. | .w16 |
| Disk-operating system file. | .dos |
| European Institute for Computer Antivirus Research standard antivirus test file. | .com |
| Windows program information file. | .pif |
| Windows executable program file. | .exe |

Well, now you have it! You can protect your Office 365 mailboxes even better now.