Tenant policy (verdict override) Exchange Online

Hey All,

My company recently received a spoofed phishing email from noreply@[companyname].com and it passed through both our spam and phishing filters. Upon further inspection, it had an SPF fail and originated from Vietnam (which we block all emails from). My question is that when submitting the email under Threat Management -> Submissions in the Office 365 Security & Compliance Center, this is what I get when it's submitted:

Review your Tenant policy (verdict override). At the time of delivery, you had sufficient security mechanisms to block this threat. However, they were overridden by your Tenant policy (verdict override)

I looked in all of the settings and can't find where this email would have sneaked through.

Any thoughts?
4 Replies

Just run a message trace, it will let you know why. Most likely some sort of a whitelist.

Thanks @Vasil Michev!

It turns out we had our own domain whitelisted which led to the override of our other security policies.

That's not as uncommon as one might think - removing your own domain from any whitelists is practically the #1 recommendation from the EOP folks lately.

@ewinonait How did you discover this whitelist your domain was in? I've got the exact same situation as you, and have done a message trace - but there's no info for me to act on. Just logs about how it was delivered OK (when it should not).
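
Added example, not part of the thread: the `X-Forefront-Antispam-Report` header that Exchange Online Protection stamps on a delivered message records which allow-list override applied, so it can be read from the delivered copy alongside the message trace. The function names and the sample message are constructed for illustration; the verdict codes are the ones in Microsoft's anti-spam message header documentation.

```python
import re
from email import message_from_string

# Header values that mean spam filtering was bypassed by tenant or user configuration.
OVERRIDES = {
    ("SFV", "SKA"): "sender or domain is on an anti-spam policy allow list",
    ("SFV", "SKN"): "marked non-spam before filtering, e.g. by a mail flow rule",
    ("SFV", "SFE"): "sender is on the recipient's Safe Senders list",
    ("IPV", "CAL"): "source IP is on the connection filter IP Allow List",
    ("SCL", "-1"): "spam confidence level forced to -1 (bypass)",
}

def parse_report(value):
    """Split 'KEY:value;KEY:value;' into a dict, tolerating folded header lines."""
    fields = {}
    for part in " ".join(value.split()).split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key.upper()] = val.strip()
    return fields

def explain_delivery(raw_message):
    """Return the SPF result, source country and any filtering overrides found."""
    msg = message_from_string(raw_message)
    report = parse_report(msg.get("X-Forefront-Antispam-Report", ""))
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return {
        "spf": spf.group(1).lower() if spf else None,
        "country": report.get("CTRY"),
        "overrides": [why for (k, v), why in OVERRIDES.items() if report.get(k) == v],
    }

# Constructed sample: own-domain spoof, SPF fail, delivered through an allow list.
SAMPLE = (
    "From: noreply@example.com\n"
    "Authentication-Results: spf=fail (sender IP is 203.0.113.7)\n"
    " smtp.mailfrom=example.com; dkim=none; dmarc=fail\n"
    "X-Forefront-Antispam-Report: CIP:203.0.113.7;CTRY:VN;LANG:en;SCL:-1;SRV:;\n"
    " IPV:NLI;SFV:SKA;H:mail.example.net;PTR:;CAT:NONE;\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    result = explain_delivery(SAMPLE)
    print("SPF:", result["spf"], "| country:", result["country"])
    for why in result["overrides"]:
        print("override:", why)
```

An SPF fail together with `SFV:SKA` is the pattern described in this thread: the message was delivered because of the allow list, whatever the authentication result was.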