cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Exclude Safety Tips from certain sender?

Björn Lagerwall
Brass Contributor

‎Nov 16 2020 01:23 AM

‎Nov 16 2020 01:23 AM

Exclude Safety Tips from certain sender?

Hi all,

 

Our HR must use SurveyMonkey for sending out surveys. While I can exclude it from Junk Folder in O365 ATP/Defender for O365, Outlook still displays a warning: "Jane.Doe@ourcompany.com via SurveyMonkey <member@surveymonkeyuser.com>". 



The warning itself is very good, but for this specific user I would like to exclude it. Possible without disabling all Safety Tips?

 

Thanks

 

/B

 

The grey field is the Safety Tip is generated by policy (I at least assume). The yellow is a custom transport rule we have to warn our users.

surveymonkey-warning.png

3,761 Views
0 Likes
3 Replies
Reply
3 Replies
best response confirmed by Björn Lagerwall (Brass Contributor)
ExMSW4319

‎Nov 25 2020 04:16 AM

‎Nov 25 2020 04:16 AM

Solution

Re: Exclude Safety Tips from certain sender?

@Björn Lagerwall 

 

In theory I believe that you can turn off the spoofing tip for a specific sender, but not a specific recipient. At the foot of your anti-spam policies (currently) on the Security & Compliance portal, Threat Mangement, Policy leaf there is a special special line called Spoof Intelligence Policy. Take the option to review spoofs (always an education) and find your sender. Change the Allowed To Spoof from No to Yes and please let us know if that works.

 

Be warned that on a tenancy of any size, the policy is [somewhat slow] to display. The sender also has to be tagged once before they can be exempted. I would further be interested to know how many exemptions the policy can hold. Those following Secure by Default will not be surprised that only senders and not sending domains can be exempted.

 

If this theory is correct then the location of the special special line on portal means that you cannot have multiple settings for different policies so you cannot have a different setting for a specific recipient or group of recipients, but I may be wrong and as we know, all things change sooner rather than later.

0 Likes
Reply
Björn Lagerwall

‎Nov 25 2020 04:25 AM

‎Nov 25 2020 04:25 AM

Re: Exclude Safety Tips from certain sender?

@ExMSW4319 Thank you for the reply! 

 

The survey was sent out last week and we informed all our users instead. I believe next time we're moving to forms instead. 

0 Likes
Reply
ExMSW4319

‎Nov 25 2020 04:33 AM

‎Nov 25 2020 04:33 AM

RE: Exclude Safety Tips from certain sender?

Beware that in the first quarter of 2019 the abuse (not spoofing) of Forms was so bad that I had to edit our web policies to present a proxy warning on any Forms link. In fairness to Microsoft they have always had a "do not enter any password" warning on Forms and have made a number of improvements since, but we found that a few well-chosen graphics were enough to make recipients ignore the warnings and the defences I've seen in the Message Center recently are to do with intruders abusing an organisation's own forms. The phishing problem was presumably from the freemail and low customer tier on O365 with weak administration and probably no MFA. Unlike SPO, Forms URLs are nicely anonymous. I have not looked to see how busy my policy has been of late.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Björn Lagerwall (Brass Contributor)
ExMSW4319

‎Nov 25 2020 04:16 AM

‎Nov 25 2020 04:16 AM

Solution

Re: Exclude Safety Tips from certain sender?

@Björn Lagerwall 

 

In theory I believe that you can turn off the spoofing tip for a specific sender, but not a specific recipient. At the foot of your anti-spam policies (currently) on the Security & Compliance portal, Threat Mangement, Policy leaf there is a special special line called Spoof Intelligence Policy. Take the option to review spoofs (always an education) and find your sender. Change the Allowed To Spoof from No to Yes and please let us know if that works.

 

Be warned that on a tenancy of any size, the policy is [somewhat slow] to display. The sender also has to be tagged once before they can be exempted. I would further be interested to know how many exemptions the policy can hold. Those following Secure by Default will not be surprised that only senders and not sending domains can be exempted.

 

If this theory is correct then the location of the special special line on portal means that you cannot have multiple settings for different policies so you cannot have a different setting for a specific recipient or group of recipients, but I may be wrong and as we know, all things change sooner rather than later.

View solution in original post

0 Likes
Reply