Forum Widgets
Latest Discussions
Tenant Forwarding - Trusted ARC Sealer
As part of a tenant to tenant migration we often need to forward mail from one tenant to another. This can cause some issues with email authentication verdicts on the destination tenant. Is it possible or best practice to configure another tenant as a Trusted ARC sealer to help with forwarded email deliverability?
License question
Hello, From what I've read, if I have 10 licensed (Defender for Office 365) users, each with their own mailbox and an additional shared mailbox connected, I only need to license those 10 users (the shared mailbox doesn't need to be licensed additionally). However, I don't see such a provision in the licensing agreements themselves. If I understand this correctly, can someone point me to the relevant clause in the agreement? Does a shared mailbox that no one uses require a Defender license (if the organization uses Defender for Office 365 licenses)? thx.Secure Score rec. out of date - Entra consent settings
TLDR: 1. SecureScore recommendation for user consent settings does not match the User Consent settings recommendation. 2. Also, the recommendation on User Consent page is not described in a sensible way. This recommendation - Ensure user consent to apps accessing company data on their behalf is not allowed - instructs people to set the Consent Settings to 'Allow users to consent to low-level permissions', and select the low-level permissions. Optionally, to also set up admin workflow. This is the SecureScore recommended process we've been using. It was bugged, so we'd set it to 'Resolved by ____' usually once completed. It looks like this is fixed and now properly shows Completed (from testing, the manual resolve statuses aren't overwritten by the automatic completion - it'll wait until those are set to something else to update it to completed. Anyway,, that's not the issue. Recently noticed on the actual Consent blade, it shows that the recommendation is Microsoft-managed. I've never noticed this before - i believe it's new. So now it's kinda unclear what's ACTUALLY recommended. Reading the associated KB, it is described currently as 'end users can consent for any user consentable delegated permissions EXCEPT: Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All.'. But it doesn't actually describe what are 'user consentable' is... is that whatever 'low impact' permissions you set? is it something completely different? So the options are 1. Users can't consent 2. Users can consent to permissions you deem low-risk 3. Users can consent to permissions users can consent to, but not these x There isn't a feedback button on SecureScore.
user-reported phishing emails
Dear Community I have a technical question regarding user-reported emails. In Defender, under “Action and Submissions” -> “Submissions,” I can see the emails that users have reported under the “user reported” option. There, we have the option to analyze these emails and mark them as “no threats found,” “phishing,” or “spam.” The user is then informed. Question: Do these reported emails remain in the user's inbox when they report them? If not, do we have the option to return these reported emails to the user's inbox with the “No threats found” action? Because I don't see this option. In another tenant, under “Choose response Action,” I see “move or delete,” but the “inbox” option is grayed out. Why is that? Thank you very much!
Microsoft Defender for Office (MDO) - Customize Results Email for User Reported Messages
Hi all, I would like to customize the results email from MDO to the users. From the documentation, I can see the option to modify "Email body results text" and "Email footer text": Unfortunately, the documentation doesn't specify anything beyond that. Therefore, I have the following questions: What exactly is the Email "body" and "footer" in this template? (Compare to screenshot below) Is the title/header part of the "body"? What type of text from is available? (Plain/HTML/Markdown etc.) Does anyone have experience with customizing these result emails? Feedback would be appreciated, thanks!Disabling Auto Align Feature in Microsoft Defender 365 Console Alerts
The Microsoft Defender 365 console has recently started auto aligning the alert screen upon clicking on an alert name, which seems to be part of the updated alert management experience. This change is quite bothersome and distracting. How can this feature be disabled?'system has learned from the submission / mail is automatically allowed'
Hey folks, got an alert about a tenant allow//block list entry expiring. Only recently did we start getting these, because only recently did we start using expiring whitelisting. But I'm a little confused by the details, which says 'Mail from x is now automatically alllowed and the allow entry has been removed' and the activity that ''an allow entry is no longer required as the system has learned from the submission' The referenced email is actually an internal tenant - it receives ticket requests, and sends out ticket updates. But I'm REALLY curious about the 'automatic' allowing. Is this a feature limited to Defender 2, or part of Microsoft's AI detection framework for all 365 Defender/EOP? I don't even remember submitting this email - if I did, it was probably more than 45 days ago. So 1) Is this notice primarily that the entry had expired, but ALSO it's not needed or does this send out as soon as 'the system' recognizes it as legitimate, and removed regardless of the time left? 2) is there a way to review a list of entries Microsoft has 'accepted'? 3) What exactly does this 'allow'? I know that the tenant allow/block list allowed a certain set of lower-risk indicators in an email, but still blocked some higher-risk ones - unless there was a submission made. At that point, more is allowed. But there's still a limit, compared to a blanket bypass on the policy itself.Microsoft Defender EOP
We have been experiencing an issue since last week where we are unable to view the details of quarantined emails. Could you please confirm if this is related to a known backend service issue, or if there are any specific troubleshooting steps we should perform on our end? Any guidance or updates would be greatly appreciated.
