MicrosoftHi,
Very interesting read! Can you help me understand what the best approach would be for the following scenarios?
1. We have some system mailboxes for ticketing systems where we need to ensure that mails are not blocked because of "Junk detection" but we still would want to block Spoof/Phishing mails. Right now the only real option seems to be to go with an ETR and set the SCL -1 which is allowing more than we want to. Is there a way to only disable the Junk Filter to avoid False/Positives in a scenario like this where we can not filter by senders?
2. Is there any information what exactly qualifies ad "high confidence phish"? Did not find anything so far.
3. The filtering stack diagram is great! Is there also any overview which parts are excluded for example when setting SCL -1 in a ETR? Or when working with allowed IPs in the Connection Filter.
