Add OneNote Fileextensions to the Exchange Online Malware Filter

Hi All,

I've heard from OneNote Phishing in the last few Months. That seems to be a new way of Attack.
Sadly i don't know the exact details of that Attack.
What came to my mind was to block OneNote Attachments in the Malware Filter.

Microsoft: Besserer Schutz vor riskantem OneNote-Phishing geplant

Also Microsoft want's to improve here according to the M 365 Roadmap


I've checked the OneNote file Extensions on my Computer


Microsoft OneNote File Extensions according to thefile.org


Let's go to work. List the Malware Filter Policys in Exchange Online

Connect-ExchangeOnline
Get-MalwareFilterPolicy | ft Name


Look at the Details. As you can see the Extensions are in the FileTypes Attribute (without dot before the Extension).

Get-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01


Let's add the OneNote File Extensions

$FileTypes = (Get-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01).FileTypes
$FileTypes.Count
$FileTypes.Add("one")
$FileTypes.Add("onepkg")
$FileTypes.Add("onetoc")
$FileTypes.Add("pwi")
$FileTypes.Add("sig")
$FileTypes.Add("onechache")
$FileTypes.Add("onetmp")
$FileTypes.Add("onetoc")
Set-MalwareFilterPolicy -Identity ICEWOLFMalwarefilterPolicy-01 -FileTypes $FileTypes



As you can see the Filetypes are now in the Policy



Regards
Andres Bohren