Forum Discussion
How to exclude emails from future ZapPhish auto investigations (AIR)
AlexR91 I'm thinking maybe there is a way to do this with Azure Sentinel, but it seems like overkill for a whitelist task. I'm hoping the MSFT team can provide guidance on this one.
Dimitry Izotov For us, the false positives are from phishing simulation test emails sent by a partner we work with (KnowBe4). In this case, they have a list of domains they use for these tests, they've asked Microsoft (and Microsoft almost certainly knows) that these domains are not malicious, yet Microsoft continues to classify them as such and provides no straightforward workarounds. I think with Microsoft now offering its own "Attack Simulator", we're going to see them become increasingly hostile and inhospitable towards companies like KnowBe4 who, despite offering a far superior and more mature product than what Microsoft is offering, are being treated as a competitive threat.
We were planning on upgrading all of our users to Office 365 ATP Plan 2 but because we can't resolve this issue, new features like AIR that make this upgrade worth it are virtually useless. It's really quite sad that Microsoft can't play nicely with others.