Event banner

Microsoft Defender for Office 365 Ask Microsoft Anything

Event Ended
Wednesday, May 31, 2023, 09:00 AM PDT
In-Person

Event details

This March we announced the public preview of collaboration security for Microsoft Teams. We are bringing the full feature set that customers use to protect their email environments across prevention...
Trevor_Rusher
Updated May 31, 2023
microsoft defender for office 365
CRL55's avatar
CRL55
Copper Contributor
May 31, 2023
Can we 'allow list' internal senders who are getting blocked from sending outbound due to the following. ? (Basically a false positive) "Alert description  User has been detected as sending suspicious messages outside the organization and will be restricted if this activity continues. -V1.0.0.1"
Dhairyya_Agarwal's avatar
Dhairyya_Agarwal
Icon for Microsoft rankMicrosoft
May 31, 2023
Thanks for your question, CRL55. That is not possible as it when you get this alert it might be sign of an account compromise as the user might be sending malicious messages out. So, you need to actually need to check or tweak your outbound policy.
  • CRL55's avatar
    CRL55
    Copper Contributor
    May 31, 2023
    Thanks - but weve been around the houses and investigated to the nth degree and the email/sender/ip/contents/attachment are also completely legitimate. Having to go into 'restricted entities' every other day to clear unblock them is a bit of a pain. Thanks Anyway
Location
Microsoft Tech Community
Date and Time
May 31, 20239:00 AM - 10:00 AM PDT