Forum Discussion
StephanGee
Apr 22, 2020 Steel Contributor
Phishing Filter - M365 ATP - false positives blocked or clear spam messages get into inbox.
Hi everyone, we are having problems with our filter. We used Sophos UTM before but switched our MX now to M365 as there are 99% of the mailboxes. But we don't really get the logic behind the fil...
Thijs Lecomte
Apr 22, 2020 Bronze Contributor
Have you verified from the mail that was sent out from the CEO?
Have you checked headers to see where it was sent and why it might have passed your spam filter?
I assume you haven't whitelisted your own domain?
I highly recommend using the ORCA module to verify that your ATP is set up according to best practices.
https://www.powershellgallery.com/packages/ORCA/1.6.3
StephanGee
Apr 22, 2020 Steel Contributor
Hi. Thanks for your quick email.
I checked the message header and it was received from an internet provider (not ours) from Germany. So it should have been blocked.
We did not add our domain to the allowed list (I checked 😉) and the sender IP is not in our allowed IP list in the mail rule.
Thanks for the tip with ORCA. I will check this tool.
---
Cannot install it on my Admin machine though
Name : ConsoleHost
Version : 5.1.14409.1018
Can be installed on my Win 1909 machine (but from there I am not allowed to perform this 😉)
Error:
WARNING: Source Location 'https://www.powershellgallery.com/api/v2/package/ORCA/1.6.3' is not valid.
PackageManagement\Install-Package : Package 'ORCA' failed to download.