Home

Advanced threat protection - Whitelist Users/Internal Mail Servers?

%3CLINGO-SUB%20id%3D%22lingo-sub-21285%22%20slang%3D%22en-US%22%3EAdvanced%20threat%20protection%20-%20Whitelist%20Users%2FInternal%20Mail%20Servers%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-21285%22%20slang%3D%22en-US%22%3E%3CP%3EGreetings%2C%26nbsp%3B%3C%2FP%3E%3CP%3ESince%20implementing%20advanced%20threat%20protection%20we%20have%20recieved%20many%20complaints%20from%20end%20users%20across%20the%20organizaton%20that%20use%20a%20printer%20to%20scan%20a%20file%20in%20and%20email%20it%20to%20themselves.%20After%20looking%20at%20the%20Safe%20Attachements%20Policy%20it%20seems%20there%20is%20no%20way%20to%20whitelist%20a%20sender%2C%20or%20set%20a%20safe%20senders%20list.%20Is%20this%20something%20that%20is%20being%20considered%20for%20future%20addition%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F14432%22%20target%3D%22_blank%22%3E%40Victor%20Ungureanu%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22profile-avatar%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-21285%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-146506%22%20slang%3D%22en-US%22%3ERe%3A%20Advanced%20threat%20protection%20-%20Whitelist%20Users%2FInternal%20Mail%20Servers%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-146506%22%20slang%3D%22en-US%22%3E%3CP%3Edead%20link%20!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-146501%22%20slang%3D%22en-US%22%3ERe%3A%20Advanced%20threat%20protection%20-%20Whitelist%20Users%2FInternal%20Mail%20Servers%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-146501%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20still%20has%20not%20been%20addressed%20by%20Microsoft%20in%20a%20practical%20manner.%20The%20dynamic%20delivery%20does%20little%20if%20anything%20for%20delays%20that%20can%20take%20upwards%20of%205%20min%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-21544%22%20slang%3D%22en-US%22%3ERe%3A%20Advanced%20threat%20protection%20-%20Whitelist%20Users%2FInternal%20Mail%20Servers%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-21544%22%20slang%3D%22en-US%22%3EI'm%20not%20aware%20of%20such%20a%20plan%20and%2C%20even%20if%20it%20exists%2C%20I%20don't%20think%20that's%20a%20priority%20because%20there%20is%20this%20possibility%20to%20use%20a%20transport%20rule.%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20guessing%20that%20the%20delay%20in%20receiving%20the%20emails%20is%20the%20reason%20for%20which%20you%20would%20like%20to%20be%20able%20to%20exclude%20some%20senders%20from%20scanning.%20I%20know%20that%20it's%20not%20a%20good%20solution%20for%20your%20scenario%2C%20but%20there%20is%20a%20new%20feature%20called%20Dynamic%20Delivery%20for%20Safe%20Attachments%20(%3CA%20href%3D%22https%3A%2F%2Fblogs.office.com%2F2016%2F01%2F14%2Fleading-the-way-in-the-fight-against-dangerous-email-threats%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.office.com%2F2016%2F01%2F14%2Fleading-the-way-in-the-fight-against-dangerous-email-threats%2F%3C%2FA%3E)%20which%20was%20designed%20exactly%20for%20this%20purpose%2C%20to%20mitigate%20the%20impact%20of%20the%20delayed%20delivery%2C%20so%20there%20were%20some%20investments%20done%20in%20this%20area.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-21539%22%20slang%3D%22en-US%22%3ERe%3A%20Advanced%20threat%20protection%20-%20Whitelist%20Users%2FInternal%20Mail%20Servers%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-21539%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Victor%2C%3C%2FP%3E%3CP%3EI%20did%20find%20that%20thread%20and%20implemented%20the%20workaround.%20Thanks%20for%20the%20reference.%20Is%20this%20something%20you%20plan%20on%20building%20into%20the%20ATP%20Settings%20Page%20any%20time%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-21384%22%20slang%3D%22en-US%22%3ERe%3A%20Advanced%20threat%20protection%20-%20Whitelist%20Users%2FInternal%20Mail%20Servers%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-21384%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Robert%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20check%20this%20out%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Foffice365.uservoice.com%2Fforums%2F289138-compliance-protection%2Fsuggestions%2F9292590-advanced-threat-protection-whitelist%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Foffice365.uservoice.com%2Fforums%2F289138-compliance-protection%2Fsuggestions%2F9292590-advanced-threat-protection-whitelist%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20simplicity%2C%20I'll%20also%26nbsp%3Bquote%20the%20answer%20from%20there%3A%3C%2FP%3E%3CP%3E%22We%20believe%20that%20most%20of%20the%20widespread%20performance%20issues%20with%20%3CSPAN%20class%3D%22caps%22%3EATP%3C%2FSPAN%3E%20have%20been%20addressed.%20That%20said%2C%20we%20have%20even%20more%20features%20scheduled%20that%20will%20allow%20you%20the%20flexibility%20to%20decide%20what%20to%20do%20when%20it%20takes%20too%20long.%3C%2FP%3E%3CP%3EIn%20the%20meantime%2C%20you%20may%20also%20consider%20creating%20an%20Exchange%20Transport%20Rule%20that%20adds%20the%20header%20X-MS-Exchange-Organization-SkipSafeAttachmentProcessing%20to%20value%20of%201.%3C%2FP%3E%3CP%3EJust%20be%20careful%20with%20any%20such%20rules%2C%20as%20it%20will%20essentially%20disable%20%3CSPAN%20class%3D%22caps%22%3EATP%3C%2FSPAN%3E%20safe%20attachment%20scanning%20for%20rules%20which%20meet%20the%20criteria.%22%3C%2FP%3E%3C%2FLINGO-BODY%3E
Robert Woods
Super Contributor

Greetings, 

Since implementing advanced threat protection we have recieved many complaints from end users across the organizaton that use a printer to scan a file in and email it to themselves. After looking at the Safe Attachements Policy it seems there is no way to whitelist a sender, or set a safe senders list. Is this something that is being considered for future addition?

 

@Victor Ungureanu

 

 
5 Replies

Hi Robert,

 

Please check this out:

https://office365.uservoice.com/forums/289138-compliance-protection/suggestions/9292590-advanced-thr...

 

For simplicity, I'll also quote the answer from there:

"We believe that most of the widespread performance issues with ATP have been addressed. That said, we have even more features scheduled that will allow you the flexibility to decide what to do when it takes too long.

In the meantime, you may also consider creating an Exchange Transport Rule that adds the header X-MS-Exchange-Organization-SkipSafeAttachmentProcessing to value of 1.

Just be careful with any such rules, as it will essentially disable ATP safe attachment scanning for rules which meet the criteria."

Hello Victor,

I did find that thread and implemented the workaround. Thanks for the reference. Is this something you plan on building into the ATP Settings Page any time?

 

I'm not aware of such a plan and, even if it exists, I don't think that's a priority because there is this possibility to use a transport rule.

I'm guessing that the delay in receiving the emails is the reason for which you would like to be able to exclude some senders from scanning. I know that it's not a good solution for your scenario, but there is a new feature called Dynamic Delivery for Safe Attachments (https://blogs.office.com/2016/01/14/leading-the-way-in-the-fight-against-dangerous-email-threats/) which was designed exactly for this purpose, to mitigate the impact of the delayed delivery, so there were some investments done in this area.

This still has not been addressed by Microsoft in a practical manner. The dynamic delivery does little if anything for delays that can take upwards of 5 min