New Outlook and Outlook Web Will Now Block More Attachments Automatically
Microsoft took a major step toward improving email security by updating its list of blocked file types for attachments. At the time, the company explained that it was adding specific extensions to the BlockedFileTypes property within OwaMailboxPolicy objects , as part of broader efforts to protect users from malicious content often delivered through email.
Since then, Microsoft has continued to expand this list across both Outlook on the Web and the newer version of Outlook for Windows . In a recent announcement via the Microsoft 365 Admin Center , the company revealed plans to add two more file types to the default block list: .library-ms and .search-ms .
According to Microsoft, these additions are expected to have minimal impact on most users, as these file types are rarely used in everyday communication. The rollout is scheduled to begin in early July 2025 , and no action will be required from administrators unless their organizations still rely on those file types.
🔧 What Should Administrators Do?
For IT admins, if your organization doesn’t use .library-ms or .search-ms files, there’s no need to take any action — the update will apply automatically. However, if you do need to allow these file types, Microsoft advises adding them to the AllowedFileTypes property of your OwaMailboxPolicy before the changes go live.
This update is marked as a “major change” in Microsoft’s admin portal, which means it’s important to review your current policies and ensure they align with your organization’s needs.
You can find full instructions on how to adjust these settings in the official documentation on Microsoft’s website .
âś… Commonly Allowed File Types in Outlook
By default, Outlook allows a wide range of safe file types, including:
.pdf,.docx,.xlsx,.pptx.jpg,.png,.gif,.bmp.txt,.rtf,.zip,.mp3,.wav- And many more commonly used formats
A full list of allowed and blocked file types is available in the official Microsoft support article here .
📢 Where to Find This Announcement
System administrators can view the official message under Microsoft 365 Admin Center using the reference ID MC1090702 .
With cyber threats becoming more sophisticated, Microsoft continues to strengthen its defenses by limiting potentially dangerous file types at the platform level. While this change may affect only a small number of users, it reflects the company’s ongoing commitment to user safety and proactive threat prevention.
