Microsoft has silently added a new Group Policy (GPO) to allow Office 365 admins to block Office 365 users from opening untrusted Microsoft Query files with IQY, OQY, DQY extensions. Microsoft also announced a week ago that they will also be blocking an additional 38 file extensions from being downloaded as attachments including Java, PowerShell, Python files to protect Outlook on the Web users from malicious attacks. Policy requires Office365 license and only applies to subscription versions of Office 365 ProPlus, Visio Pro for Office 365, and Project Online Desktop Client.
Source: https://www.bleepingcomputer.com/news/microsoft/office-365-admins-can-now-block-malicious-microsoft-query-iqy-files/