Firebase authentication emails are blocked by Office 365

Hi arnotixe & StefDevs,

Unfortunatley there's no much more I can do here. 

I searched around and found other forums with similar issues:

Authentication emails for the firebaseapp.com domain are going to spam or are never received [253291461] - Visible to Public - Issue Tracker (google.com)

Firebase Auth: How to connect a custom domain for email templates | by Azmi Rutkay Biyik | Medium

Firebase confirmation email : Firebase (reddit.com)

On the last test message received by arnotixe I see all quite good, only a problem with the returnpath and that SCL score, ( 5 ). 

The sender was "robot & domainname.no" and the returnpath was "

EOP is very strict with spammers, so they pay a lot of attention at the returnpath and reputation of the senders servers.

Mark messages as safe ones will help for a single O365 organization, but that doesn't mean that the same messages will go thorugh the other ones. ( And if the messages are considered High confidence SPAM/Phish, that will not help ). In the case of arnotixe I think he's quite close to a solution, as all the other headers and scans are clean. In your case, StefDevs I don't know without analyze a message header, but I'm quite sure that the issue will be the same, ( server/IP reputation, domainname, returnpath... ).

My suggestion will be to refer to the Firebase community and the fixes mentioned there. 

Microsoft Defender/EOP adapts the detection engine as per admins feedbacks, but if something seems suspicious, the security of the O365 customers environments will always be the priority, and only tenants admins will be able to "adapt" it to each own environment.

Sorry that I have not better news...