Microsoft 365 - Unable to view/open attachment

A security feature exists within many of the Office 365 clients that blocks attachments that might put your computer at risk for viruses or other threats.

What will I see in my client when I receive a message with a blocked attachment?

Outlook on the web

executable attachment

The example above shows an attachment titled "bucky_badger.exe". If you attempt to click on the image to open/view it, you will see the following message:

access blocked

Outlook for Windows

outlook access blocked

Outlook displays the above message for any attachment that has been blocked. The attachment in this example is titled "bucky_badger.exe".

Note: All executable files should be handled with great caution. Please contact the sender to verify that they intended to send it to you and that it is safe to execute. Keep in mind that some viruses are constructed in a way to trick you into trusting that the file is safe to open.

How can I get the attachment if I cannot see it or open it?

  • Ask the sender to upload/share the file via cloud storage (Google Teams Drive, Box Project Directory, and/or Office 365 OneDrive for Business) or shared network drive.
  • Put the file in a zip (or other archive format) and set an encryption password on the archive.
  • Send the file directly to the recipient using an instant messaging client.
  • Put the file on some sort of physical media (such as a CD ROM disc or a USB thumb drive) and hand-deliver to the recipient (assuming the sender and the recpient are within close proximity to each other.)
  • Ask the sender to rename the file with a non-executable file extension prior to sending it. Important: The "From" header contains the sender's name and email address as specified by the sender. You can also look in the body of the message for the sender's name and contact information (if they included it.) However, it is possible for this information to be forged by a virus author. Even if the From address and the body look legitimate, you should still contact the sender to verify its legitimacy prior to running the program. If there is no contact information, then it probably wasn't sent from someone you should trust.

My desktop anti-virus program doesn't detect a virus in the message, is it ok to open the attachment?

You should not execute any unverified file attachments even if your anti-virus program doesn't detect a threat. It is common for every anti-virus program to miss some new viruses.

What file types are considered executable?

*.ade *.adp *.app
*.asp *.aspx *.asx
*.bas *.bat *.cer
*.chm *.cmd *.com
*.cpl *.crt *.csh
*.der *.exe *.fxp
*.hlp *.hta *.htc
*.inf *.ins *.isp
*.its *.js *.jse
*.ksh *.lnk *.mad
*.maf *.mag *.mam
*.maq *.mar *.mas
*.mat *.mau *.mav
*.maw *.mda *.mdb
*.mde *.mdt *.mdw
*.mdz *.mht *.mhtml
*.msc *.msh *.msh1
*.msh2 *.msi *.msp
*.mst *.ops *.pcd
*.pif *.plg *.prf
*.prg *.psl *.ps2
*.psc1 *.psc2 *.pst
*.reg *.scf *.scr
*.sct *.shb *.shs
*.tmp *.url *.vb
*.vbe *.vbs *.vss
*.vst *.vsw *.ws
*.wsc *.wsf *.wsh
*.xml

Other resources/information: