To counter phishing attacks delivered through the OneNote application, Microsoft plans to introduce a security change starting in April 2023: OneNote will block users from directly opening 120 high-risk file types. When attempting to open such an attachment, OneNote users will see a prompt stating “Your administrator has blocked your ability to open this file type in OneNote.” The pop-up window offers only a confirm button and a close-window button, so users cannot open these high-risk files directly.
Microsoft points out that users can save embedded files locally and then open them – provided they fully trust the sender. However, antivirus software may still prevent the execution of these files.
The change affects OneNote for Microsoft 365 and the retail versions of Office’s OneNote, but not OneNote for Mac, Android, or iOS, the OneNote web version, or the bulk licensing version of Office’s OneNote.
The blocked file extensions include: .ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, .xnk.
IT administrators can also add more file extensions to the block list and “allow” certain blocked file extensions.