How to prevent WINMAIL.DAT attachments in Exchange Online by disabling TNEF

I’ve run into this problem a handful of times over the last few years. An Exchange user sends an e-mail with attachment(s) to a non-Exchange user and the recipient receives nothing but a WINMAIL.DAT file that they cannot open. The most commonly preached resolution was simply to tell the sender to stop using the Rich Text Format (RTF) when sending e-mail, moving to the HTML format instead. RTF uses Transport Neutral Encapsulation Format (or TNEF for the sake of your sanity and mine). In most cases, the recipient was using an e-mail client that was unable to translate TNEF (like the Apple e-mail client). Because the client couldn’t properly translate the message, that user received the WINMAIL.DAT file instead of the actual attachment.


So… you’re now using the HTML format by default in all of your e-mail messages. The world is bright and shiny; all are happy… right? You send out OMGIMPORTANT.PDF to your Board of Directors in HTML format, but they report that they did not receive the file. Instead, they received another WINMAIL.DAT file that they could not open from their fancy MacBook Airs (every recipient that I’ve run into this with has been on a Mac using the native e-mail client). #@$%!&


The problem (if you’re already sending in HTML format) is not your Outlook client; it is your hosted Exchange Server. You need to disable TNEF globally… time to fire up PowerShell and follow the instructions provided by the good folks over at TechNet.


NOTE: In order to perform the steps below, you must first install the “Microsoft Online Services Sign-In Assistant for IT Professionals” and “Azure Active Directory” PowerShell modules. You can find both modules and more information on TechNet, HERE. The modules are an absolute requirement for any IT Pro that works with Office 365 and Azure.


  1. On your local computer, open Windows PowerShell (run as administrator) and run the following command: $UserCredential = Get-Credential
  2. In the Windows PowerShell Credential Request dialog box, enter your Exchange Online (O365) username and password, click OK.
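  3. Run the following PS command to complete your connection (the connection URI is missing from this page, so a placeholder stands in for it): $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri <your Exchange Online PowerShell connection URI> -Credential $UserCredential -Authentication Basic -AllowRedirection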
  4. Run the following PS command: Set-ExecutionPolicy RemoteSigned
  5. Run the following PS command: Import-PSSession $Session
  6. Run the following PS command to disable TNEF globally: Set-RemoteDomain Default -TNEFEnabled $false
  7. Run the following PS command to confirm your change: Get-RemoteDomain | fl
  8. Finally, if successful, run the following PS command to disconnect your remote PowerShell connection: Remove-PSSession $Session
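
The procedure in steps 1-8 as one script, as an added example that is not from the original post. It signs in with Connect-ExchangeOnline from the ExchangeOnlineManagement module (modern authentication) instead of the Basic-authentication New-PSSession in step 3, since Exchange Online no longer accepts Basic authentication, and it goes beyond the steps by recording every remote domain's TNEFEnabled value before and after the change. The admin UPN and the -Apply switch are assumptions of this example.

```powershell
# Added example (not from the original post). Assumes the ExchangeOnlineManagement
# module is installed; the admin UPN default below is a placeholder.
#Requires -Modules ExchangeOnlineManagement
param(
    [string]$AdminUpn = 'admin@contoso.onmicrosoft.com',  # placeholder account
    [switch]$Apply    # without -Apply the script only reports and runs -WhatIf
)

# Modern-auth sign-in; stands in for steps 1-5 of the procedure above.
Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false
try {
    # Record the current state of every remote domain before touching anything.
    # TNEFEnabled is tri-state: $true (always TNEF), $false (never TNEF),
    # blank/$null (not specified; per-recipient and sender settings decide).
    $before = Get-RemoteDomain | Select-Object Name, DomainName, TNEFEnabled
    $before | Format-Table -AutoSize | Out-String | Write-Host

    $default = $before | Where-Object { $_.Name -eq 'Default' }
    if ($default.TNEFEnabled -eq $false) {
        Write-Host 'Default remote domain already has TNEF disabled.'
    }
    elseif ($Apply) {
        Set-RemoteDomain -Identity Default -TNEFEnabled $false          # step 6
    }
    else {
        # Dry run: show what would change without changing it.
        Set-RemoteDomain -Identity Default -TNEFEnabled $false -WhatIf
    }

    # Step 7: confirm the change by reading the setting back.
    $after = Get-RemoteDomain | Select-Object Name, DomainName, TNEFEnabled
    $after | Format-Table -AutoSize | Out-String | Write-Host

    # A more specific remote domain entry takes precedence over Default (*), so
    # any other entry that is not explicitly $false can still produce WINMAIL.DAT.
    $stillTnef = $after |
        Where-Object { $_.Name -ne 'Default' -and $_.TNEFEnabled -ne $false }
    foreach ($d in $stillTnef) {
        Write-Warning ("Remote domain '{0}' ({1}) has TNEFEnabled = '{2}'" -f `
            $d.Name, $d.DomainName, $d.TNEFEnabled)
    }
}
finally {
    Disconnect-ExchangeOnline -Confirm:$false                            # step 8
}
```

Run it once without -Apply to review the before-state and the -WhatIf output, then again with -Apply to make the change.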

Now, send that OMGIMPORTANT.PDF file out again before the Board gets cranky.


Anthony Adinolfi

  2 comments for “How to prevent WINMAIL.DAT attachments in Exchange Online by disabling TNEF”

  1. January 27, 2016 at 4:05 AM


    Yes it works!

    But: the “standard” PowerShell will not do! You have to install the “Microsoft Online Services Sign-In Assistant for IT Professionals RTW” first and then the “Azure Active Directory Module for Windows PowerShell (64-bit version)”. There is also a 32-bit version available that is no longer developed but still supported AND works.

    Good luck everybody!

    • January 27, 2016 at 9:35 AM

      Excellent point, Lucian. Exactly right! Both modules are required and I’ve added reference to them in the original article.

      Anthony Adinolfi
