Using PowerShell/Office 365: Configure Outlook Web Access to Download .XML Files

DRAFT

https://technet.microsoft.com/en-us/library/bb125264(v=exchg.160).aspx


Office 365 users can access email from one of many native applications, but also from the web browser using the venerable “OWA” (Outlook Web Access) found at https://outlook.office.com/owa/. Below the friendly Office 365 banner, your email messages are available at your fingertips.


If an email contains attachments, you might be surprised to find out that some attachments are not allowed. For example, XML files. You might see something like the following. The “do not enter” icon is telling you that downloading these files is not supported.

foo.xml


If you click on the files, you will get a pop-up error confirming this:

access-to-this-attach-verbotten

But you can fix this. It is easy, but I had a hard time finding all the right pieces. Thus, this blog post.

Default Attachment Support

You will find that some attachment types will work. For example, .zip is commonly supported. The exact list depends on what your administrator has configured, but unless .zip was expressly blocked, it should work by default.

But not every file extension you care about will work.

Enabling Attachment Support

Let’s suppose you wish to allow for .xml files to be downloaded. By default, these are blocked.

Here’s what you need to make this happen:

  1. Administrative access to your Office 365 tenant
  2. Download the needed PowerShell cmdlets
  3. Run the cmdlet to enable the desired extensions
  4. Celebrate

If you do not have administrative power, team up with someone who does.

Download and install the two packages mentioned in step 1 of this Microsoft post:

  • Install the 64-bit version of the Microsoft Online Services Sign-in Assistant from here – be sure to grab the 64-bit version if you have a 64-bit operating system image (which is likely); that’s the one I used.
  • Install the .msi file at the bottom of the page from here – as of this writing, it was “AdministrationConfig-V1.1.166.0-GA.msi” but the version number in the filename may change over time.

These are both very quick installs and you can choose all the default values.

Now your PowerShell bits should be resident on your computer.

Before you get on with it, double check that you have your PowerShell execution policy set to allow RemoteSigned (at least). This can be checked via:

Get-ExecutionPolicy

If the value

PS v2:\> (Get-Command Set-ExecutionPolicy).ModuleName

Microsoft.PowerShell.Security

(Get-Command Set-ExecutionPolicy).ModuleName

Update-Help -Module Microsoft.PowerShell.Security

(You may need to run the shell as Admin)

http://go.microsoft.com/fwlink/?LinkID=135170

https://msdn.microsoft.com/powershell/reference/5.1/Microsoft.PowerShell.Core/about/about_Execution_Policies


Set-ExecutionPolicy RemoteSigned

https://technet.microsoft.com/en-us/library/dn975125.aspx

Per documentaDownload the PowerShell cmdlets for

https://support.microsoft.com/en-us/help/2852113/office-365-users-can-t-open-or-view-attachments-in-outlook-web-app

# Set the execution policy to RemoteSigned
Set-ExecutionPolicy RemoteSigned
# Move the .xml extension from the blocked list to the allowed list on every OWA mailbox policy
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -BlockedFileTypes @{Remove = ".xml"}
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -AllowedFileTypes @{Add = ".xml"}
# Do the same for the XML MIME types
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -BlockedMimeTypes @{Remove = "text/xml", "application/xml"}
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -AllowedMimeTypes @{Add = "text/xml", "application/xml"}


Caveats

Be careful choosing the file extensions you enable. Allow only those you are comfortable with and for which there is a real need. Being too open here could lead to exposing users to phishing or other attacks using malicious downloadable payloads.
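
One way to keep that change reviewable is to report, per OWA mailbox policy, which lists currently contain the extension and MIME types before and after running the Set-OwaMailboxPolicy commands. This is an added example, not code from the original post. The function name Get-OwaTypeStatus and the sample policy object are made up for illustration, and the live branch assumes an Exchange Online PowerShell session is already connected.

```powershell
# Added example, not part of the original post.
# Assumption: when run against a tenant, an Exchange Online PowerShell session
# is already connected, so Get-OwaMailboxPolicy exists in the shell.

function Get-OwaTypeStatus {
    # For each policy object, report which attachment lists contain each value.
    param(
        [Parameter(Mandatory)] [object[]] $Policy,
        [string[]] $FileType = @(),
        [string[]] $MimeType = @()
    )
    foreach ($p in $Policy) {
        foreach ($t in $FileType) {
            [pscustomobject]@{
                Policy = $p.Name; Kind = 'Extension'; Value = $t
                Allowed   = $p.AllowedFileTypes   -contains $t
                Blocked   = $p.BlockedFileTypes   -contains $t
                ForceSave = $p.ForceSaveFileTypes -contains $t
            }
        }
        foreach ($m in $MimeType) {
            [pscustomobject]@{
                Policy = $p.Name; Kind = 'MimeType'; Value = $m
                Allowed   = $p.AllowedMimeTypes   -contains $m
                Blocked   = $p.BlockedMimeTypes   -contains $m
                ForceSave = $p.ForceSaveMimeTypes -contains $m
            }
        }
    }
}

$ext  = '.xml'
$mime = 'text/xml', 'application/xml'

if (Get-Command Get-OwaMailboxPolicy -ErrorAction SilentlyContinue) {
    $policies = Get-OwaMailboxPolicy      # live tenant data
} else {
    # Constructed sample object so the report logic can be tried offline.
    $policies = [pscustomobject]@{
        Name = 'Sample-Policy (constructed)'
        AllowedFileTypes   = '.zip', '.pdf'; BlockedFileTypes = '.xml', '.exe'
        ForceSaveFileTypes = '.svg'
        AllowedMimeTypes   = 'image/png';    BlockedMimeTypes = 'text/xml', 'application/xml'
        ForceSaveMimeTypes = 'text/html'
    }
}

# Run before and after the change and keep both tables as the change record.
Get-OwaTypeStatus -Policy $policies -FileType $ext -MimeType $mime | Format-Table -AutoSize
```

A value that shows up in more than one list after the change means an Add ran without its matching Remove. To limit the change to a single policy, pass its name to Set-OwaMailboxPolicy -Identity instead of piping every policy into it.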
