Dec 13 2022 09:31 AM
Our tenant received phishing mails a few days ago from an external hacked email account with good reputation. Emails went through, and contained a link to a phishing site.
Now that I know the URL from the mail is malicious, how can I tell Microsoft 365 Defender retroactively about it?
Is there any other action I should take, e.g. check Advanced Hunting or check any other logs for that malicious URL or even the malicious sender?
Dec 13 2022 12:47 PM
Dec 15 2022 12:56 AM
@R_Gijsbers_Rademakers thanks! The URL you provided links a deprecated feature, and the newly recommended approach is to use Tennant Allow/Block list. Thank you for the hint in that direction.
The Block the following URLs list for Safe Links is in the process of being deprecated. Use block entries for URLs in the Tenant Allow/Block List instead. Messages containing the blocked URL are quarantined.
A third option I found is using the Submission center to directly submit a URL to Microsoft and block it respectively.
Dec 16 2022 11:49 AM
Hi @Kiril, happy to have pointed you in the right direction. And thanks for sharing the correct information. Br Ruud
Dec 19 2022 02:56 AM
SolutionDec 19 2022 02:56 AM
Solution