Office365 ATP - Phishing - Many false positives

Question

Hi,&nbsp;we are having many mails marked as phishing but just are not. It would not be that bad if these email would show up in the quarantine report and the users could release them.But the mails do not show up in the report nor the users can release them.As we cannot tell an Exchange admin "it is your job now to check for false positives all day" and i did not find that many threads about it, i wonder if there is something wrong with our configuration.&nbsp;The level for detection is 0. The least aggressive.&nbsp;Best regards&nbsp;Stephan&nbsp;

stephan g · Answer

We opened a ticket at Microsoft to further investigate our problem(s)

stephan g · Answer

We ended up assigning one Exchange Admin to this task as Microsoft could not help us.

I believed that the spam filter would be better than from our Sophos UTM .. but at the end it ends up with much more manual work than before.

joacim10 · Answer

Stephan G&nbsp;&nbsp;Hi Stephan,&nbsp;We're currently experiencing the exact same problems since 4 days back. Have opened a ticket with MS but so far nothing.&nbsp;Did you ever get this resolved?&nbsp;Best regards,Joacim

christianbergstrom · Answer

Joacim10&nbsp;Hello Joacim, so are we. But it's only messages from one domain and almost all get stuck in the quarantine (legitimate also get SCL 9) as that particular domain has been flagged by Microsoft. I have a ticket raised but it's not proceeding well so I have engaged our assigned incident manager and service manger and waiting for response.

Forum Discussion

Office365 ATP - Phishing - Many false positives

4 Replies