Have you replaced your vulnerable attachment paperclip yet? Everyday your organization waits to replace one of the biggest vulnerabilities facing companies today is another day you risk data loss and data breach. Here are the instructions for disabling the use of the old paperclip for email accounts within the Microsoft 365 ecosystem (go here for instructions on how to disable the attachment paperclip in Gmail). Note: Sending an attachment using OneDrive will bypass this configuration.
You’ll see from the step-by-step instructions the person with access as the Office 365 admin needs to be the one to complete the process. They will be creating a new “rule” for the accounts in the system that will block attachments from being sent using the standard paperclip.
- Open the Exchange admin center (EAC) https://admin.exchange.microsoft.com on Outlook and sign in using your credentials. Note that this is only accessible by the Office 365 admin.
- On the left side, click the Mail flow dropdown, then Rules.

3. Click Add a rule () and then select Create a new rule.

4. You will need to set the conditions under Set Rule conditions:

- Name: Enter a unique, descriptive name for the rule. Example – Block Regular Attachments
- Apply this rule if: this sets the conditions for when Microsoft will follow the rule. To disable all attachments being sent with the standard paperclip we recommend setting the rule to:
- Any attachment
- size is greater than or equal to 1 KB (where you specify attachment size limit)
- Do the following:
- Block the message
- reject the message and include an explanation.
- Explanation example: For security reasons, we have disabled the use of the standard paperclip for attaching files. Please use Document GPS.
- Hit Next
- On the Set rule settings, hit Next. Review and Finish
5. A success message will show: Transport rule created successfully. Hit Done.
6. **Once the rule has been created, initially the Status will be Disabled. To enable this, click on Disabled.Toggle it to Enabled.

- A message will show up as Updating the rule status, please wait…
- Then a success message will say Rule status updated successfully
7. To verify if the rule has applied, go to Outlook Mail. Send an email to any recipient. You, the sender, should receive a bounced email stating that Your message to *email address* couldn’t be delivered.
For more details, go to Common attachment blocking scenarios for mail flow rules in Exchange Online and Exchange admin center in Exchange Online.