Forum Discussion
Solved
Outlook report add-in
Hello In an effort to move away from users using "safe senders" in outlook we are considering using the report add-in. However when i review the permissions the add-in has its a bit concerning. Im r...
Hi,
Users or admins can add senders to the Safe Senders list of the mailbox, but this is not desirable in most situations since senders will bypass parts of the filtering stack. Although you trust the sender, the sender can still be compromised and send malicious content. It is best that you let our filters do what is needed to check every message and then report the false positive/negative to Microsoft if our filters got it wrong. Bypassing the filtering stack also interferes with ZAP.
As far as the Report Message add-in is concerned, the permissions are necessary. As stated in other comments, we do need to read the contents, but that is based on and only for what the end-user wants to report. The change permission is similar in that we move the message between folders when users report something. For example, if you report a phish, we will move the item from the Inbox to the Deleted Items folder if necessary.
I hope this addresses your concerns. By the way, admin submissions is also another way to submit messages to Microsoft for review without installing the add-in but it does require the admin to find instead. More details can be found here: Manage submissions - Office 365 | Microsoft Docs.
Thanks!
After reading the below article, Microsoft doesn't recommend using "safe senders". in large company this could create a lot of overhead for the O365 admin. I would like to know what other admin's are doing ?