Home

Threat Management

%3CLINGO-SUB%20id%3D%22lingo-sub-749541%22%20slang%3D%22en-US%22%3EThreat%20Management%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749541%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20the%20O365%20Security%20%26amp%3B%20Compliance%20centre%2C%20Threat%20protection%20status%20report%2C%20I'm%20seeing%20lots%20of%20hits%20detected%20by%20Malicious%20URL%20reputation.%26nbsp%3B%20However%20many%20(none%3F)%20of%20these%20emails%20are%20being%20bounced%2Fquarantined%2Fmove%20to%20Spam%2C%20and%20I%20can't%20see%20where%20I%20would%20control%20this.%20(It's%20also%20interesting%20that%20in%20most%20situations%20it%20does%20not%20seem%20to%20be%20detecting%20a%20threat%2C%20but%20the%20conversations%20that%20are%20happening%20as%20a%20result%20of%20the%20threat%2C%20eg%20recipient%20forwarding%20the%20malicious%20email%20to%20the%20Service%20Desk.)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20know%20there%20are%20the%20policy%20settings%20in%20Threat%20Management%20-%26gt%3B%20Policy.%26nbsp%3B%20This%20enables%20control%20of%20anti-phishing%2C%20anti-spam%2C%20anti-malware%20and%20DKIM.%26nbsp%3B%20But%20what%20links%20the%20Malicious%20URL%20Reputation%20to%20one%20of%20these%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-749541%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%20center%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%20Administration%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Lloyd Adams
Regular Contributor

In the O365 Security & Compliance centre, Threat protection status report, I'm seeing lots of hits detected by Malicious URL reputation.  However many (none?) of these emails are being bounced/quarantined/move to Spam, and I can't see where I would control this. (It's also interesting that in most situations it does not seem to be detecting a threat, but the conversations that are happening as a result of the threat, eg recipient forwarding the malicious email to the Service Desk.)

 

I know there are the policy settings in Threat Management -> Policy.  This enables control of anti-phishing, anti-spam, anti-malware and DKIM.  But what links the Malicious URL Reputation to one of these?