In the O365 Security & Compliance centre, Threat protection status report, I'm seeing lots of hits detected by Malicious URL reputation. However many (none?) of these emails are being bounced/quarantined/move to Spam, and I can't see where I would control this. (It's also interesting that in most situations it does not seem to be detecting a threat, but the conversations that are happening as a result of the threat, eg recipient forwarding the malicious email to the Service Desk.)
I know there are the policy settings in Threat Management -> Policy. This enables control of anti-phishing, anti-spam, anti-malware and DKIM. But what links the Malicious URL Reputation to one of these?