Phishing and Email Security

Copper Contributor

A user in our org was phished.  We are making changes on swapping to phishing resistant MFA but what I am more concerned about is how Microsoft didn't catch the email with the malicious attachment.  I reported it to Microsoft and after investigation, the dashboard shows "Reclassified as Bulk".  While the incident took place, I scanned with Virus Total and numerous scanners already had the file labeled malicious and labeled phishing.  The Microsoft scanner showed undetected.  2 weeks later and more scanners show phishing with Microsoft STILL showing undetected. 


1.  Google and other prominent scanners show phishing, but Microsoft does not.  How can that be?

2.  How do I add more reliable scanners into our Microsoft environment to check?

3.  Any other suggestions?  


Please see the screenshot for the detections. 


2 Replies



Possible to enable ATP (Defender)?

We have this same issue. We have hundreds of obvious phishing emails being delivered to our users. Some of them contain dangerous links and attachments that go unblocked or are removed several minutes post delivery by ZAP. We use Defender and have the settings as aggressive as allowed. We're also looking for a 3rd party solution or anything to help. We tried KnowBe4 PhishER+ to manage our block list, but it was capped at 500 entries by Microsoft. We previously used Mimecast and it was great, but had to eliminate it due to the cost.