02-28-2019 03:55 AM
02-28-2019 03:55 AM
We have an internal Telephony application that uses a "non-standard" communication protocol (BTBC). When a meeting request is sent via email, it presents a link that is prefixed by BTBC:// which then spawns the telephony app.
We have had to register the BTBC protocol as trusted so as not to run into an Outlook Security Warning but the ASR rule 26190899-1602-49e8-8b27-eb1d0a1ce869 blocks the spawning of the process
Is it possible to exclude only the telephony from being prevented from being spawned or would the exclusion need to apply to the Outlook process?
03-05-2019 12:51 AM
A related question - we're licensed for O365 E3 but have taken 50 licences (so far) of Windows Defender ATP (I think by uplifting 50 licenses for Windows 10 E3>E5) - how can I access support for WDATP?
If I try to access support via https://securitycenter.microsoft.com I'm getting an error message about not having a valid Azure subscription?
I've reached out to our Microsoft Account Team but had no response as yet
03-08-2019 11:50 AM - edited 03-08-2019 11:52 AM
Here's where you will find a good start
also check out the tutorial page in the product for some cool DIYs
04-01-2019 10:19 AM
@DannyC_Gamma Maybe this has already been resolved, but the exclusions should target the file that would be the child process started by Outlook, in the case of your situation. The docs linked weren't very clear on that before, and we were a bit confused by the language, so we tested it ourselves. I think the docs may have been updated a little since then.
It does explain that exclusions apply across all rules, however - so you can't exclude a file only for a specific rule. I'm not sure there is a scenario where a file would really need one ASR blocked activity but not another.
Exclusion info here:
04-01-2019 10:48 AM
@Chris Boggs - appreciate the reply and also appreciate that my question wasn't worded particularly eloquently :)
To be honest, I guess I kind of the knew the answer to the question but just needed confirmation for the business more than anything
04-01-2019 10:50 AM