Use File Block Settings to enforce your file format policy, not to fix a one-off error. If a user complains they cannot open a .prn file from 1992, do not globally unblock .prn. Convert the file for them. Your security posture is only as strong as your oldest allowed file format. Have you been bitten by an aggressive File Block policy? Or are you using it to successfully block legacy macro malware? Let us know in the comments below.
You can deploy specific GUIDs for each file type. For example, the policy setting for blocking legacy Excel 2.0 spreadsheets is a simple registry key under: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\FileBlock
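One way to check that the policy actually landed under that key is to compare the deployed values against the baseline you intended. This is an added example, not code from the original page; the function name `Compare-FileBlockPolicy` is hypothetical and the baseline entry (`XL2Worksheets` set to 2) is a constructed sample to be replaced with the names and data from your own GPO export.

```powershell
# Added example (not from the original page): report drift between the File Block
# policy values deployed for the current user and an intended baseline.
param(
    [string]$App = 'Excel',
    [string]$OfficeVersion = '16.0',
    # Constructed sample baseline: value name -> expected DWORD data.
    # Replace with the names and data taken from your own GPO/ADMX export.
    [hashtable]$Baseline = @{ 'XL2Worksheets' = 2 }
)

# Hypothetical helper: returns one row per value name with a drift status.
function Compare-FileBlockPolicy {
    param([string]$Path, [hashtable]$Baseline)

    # Read every value currently present under the policy key (none if the key is absent).
    $actual = @{}
    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        foreach ($name in $key.GetValueNames()) {
            $actual[$name] = $key.GetValue($name)
        }
    }

    # Walk the union of expected and deployed names so that both gaps and extras show up.
    $names = @($Baseline.Keys) + @($actual.Keys) | Sort-Object -Unique
    foreach ($name in $names) {
        $status =
            if (-not $actual.ContainsKey($name))            { 'MISSING' }     # expected, not deployed
            elseif (-not $Baseline.ContainsKey($name))      { 'UNEXPECTED' }  # deployed, not in baseline
            elseif ($actual[$name] -ne $Baseline[$name])    { 'MISMATCH' }    # deployed with other data
            else                                            { 'OK' }

        [pscustomobject]@{
            Name     = $name
            Expected = $Baseline[$name]
            Actual   = $actual[$name]
            Status   = $status
        }
    }
}

# Registry path as given on this page, with the application and version as parameters.
$path = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security\FileBlock"
Compare-FileBlockPolicy -Path $path -Baseline $Baseline | Format-Table -AutoSize
```

Rows marked UNEXPECTED are the ones to look at first: they are usually the result of someone unblocking a format to fix a one-off error.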
You must customize these settings. The default settings are too permissive for regulated industries (Finance, Healthcare, Legal) and too restrictive for engineering firms that rely on legacy CAD-to-Excel exports.
After 90 days of Phase 2, change the policy to "Hard Block Open". Any remaining legacy files become inaccessible. You will get three angry emails, but the migration will be over.

Common Misconceptions

Myth 1: "File Block Settings protect against all zero-day exploits."

Reality: No. They protect against exploits in specific parsing libraries for specific old formats. A zero-day in .docx will bypass them completely.