Forum Discussion
Suspicious URL clicked Alert although URL has an Allow Indicator
Hi all, MDE is detecting 3rd party phishing simulation campaign links as suspicious (3rd party phishing simulation is configured in M365D). Now I added an custom Allow indicator for that URL. Ho...
Hello Gunter Danzeisen
It's been a while since you placed your post. So you may already figure it out.
Anyway I think you just need to tune the alert. Allow rule means the users will be able to reach that URL. Some behavioral analysis still flags those as suspicious.
Best
Marcin