SOLVED

Exclude Safety Tips from certain sender?

%3CLINGO-SUB%20id%3D%22lingo-sub-1889816%22%20slang%3D%22en-US%22%3EExclude%20Safety%20Tips%20from%20certain%20sender%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1889816%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOur%20HR%20must%20use%20SurveyMonkey%20for%20sending%20out%20surveys.%20While%20I%20can%20exclude%20it%20from%20Junk%20Folder%20in%20O365%20ATP%2FDefender%20for%20O365%2C%20Outlook%20still%20displays%20a%20warning%3A%20%3CEM%3E%22Jane.Doe%40ourcompany.com%20via%20SurveyMonkey%20%3CMEMBER%3E%22.%26nbsp%3B%3C%2FMEMBER%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FEM%3EThe%20warning%20itself%20is%20very%20good%2C%20but%20for%20this%20specific%20user%20I%20would%20like%20to%20exclude%20it.%26nbsp%3BPossible%20without%20disabling%20all%20Safety%20Tips%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%2FB%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20grey%20field%20is%20the%20Safety%20Tip%20is%20generated%20by%20policy%20(I%20at%20least%20assume).%20The%20yellow%20is%20a%20custom%20transport%20rule%20we%20have%20to%20warn%20our%20users.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22surveymonkey-warning.png%22%20style%3D%22width%3A%20961px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F233706i1EC4CB08AC2B3A27%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22surveymonkey-warning.png%22%20alt%3D%22surveymonkey-warning.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1930547%22%20slang%3D%22en-US%22%3ERe%3A%20Exclude%20Safety%20Tips%20from%20certain%20sender%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1930547%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F134719%22%20target%3D%22_blank%22%3E%40Bj%C3%B6rn%20Lagerwall%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20theory%20I%20believe%20that%20you%20can%20turn%20off%20the%20spoofing%20tip%20for%20a%20specific%20sender%2C%20but%20not%20a%20specific%20recipient.%20At%20the%20foot%20of%20your%20anti-spam%20policies%20(currently)%20on%20the%20Security%20%26amp%3B%20Compliance%20portal%2C%20Threat%20Mangement%2C%20Policy%20leaf%20there%20is%20a%20special%20special%20line%20called%20Spoof%20Intelligence%20Policy.%20Take%20the%20option%20to%20review%20spoofs%20(always%20an%20education)%20and%20find%20your%20sender.%20Change%20the%20Allowed%20To%20Spoof%20from%20No%20to%20Yes%20and%20please%20let%20us%20know%20if%20that%20works.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBe%20warned%20that%20on%20a%20tenancy%20of%20any%20size%2C%20the%20policy%20is%20%5Bsomewhat%20slow%5D%20to%20display.%20The%20sender%20also%20has%20to%20be%20tagged%20once%20before%20they%20can%20be%20exempted.%20I%20would%20further%20be%20interested%20to%20know%20how%20many%20exemptions%20the%20policy%20can%20hold.%20Those%20following%20Secure%20by%20Default%20will%20not%20be%20surprised%20that%20only%20senders%20and%20not%20sending%20domains%20can%20be%20exempted.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20this%20theory%20is%20correct%20then%20the%20location%20of%20the%20special%20special%20line%20on%20portal%20means%20that%20you%20cannot%20have%20multiple%20settings%20for%20different%20policies%20so%20you%20cannot%20have%20a%20different%20setting%20for%20a%20specific%20recipient%20or%20group%20of%20recipients%2C%20but%20I%20may%20be%20wrong%20and%20as%20we%20know%2C%20all%20things%20change%20sooner%20rather%20than%20later.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1930567%22%20slang%3D%22en-US%22%3ERe%3A%20Exclude%20Safety%20Tips%20from%20certain%20sender%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1930567%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F523058%22%20target%3D%22_blank%22%3E%40ExMSW4319%3C%2FA%3E%26nbsp%3BThank%20you%20for%20the%20reply!%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20survey%20was%20sent%20out%20last%20week%20and%20we%20informed%20all%20our%20users%20instead.%20I%20believe%20next%20time%20we're%20moving%20to%20forms%20instead.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi all,

 

Our HR must use SurveyMonkey for sending out surveys. While I can exclude it from Junk Folder in O365 ATP/Defender for O365, Outlook still displays a warning: "Jane.Doe@ourcompany.com via SurveyMonkey <member@surveymonkeyuser.com>". 



The warning itself is very good, but for this specific user I would like to exclude it. Possible without disabling all Safety Tips?

 

Thanks

 

/B

 

The grey field is the Safety Tip is generated by policy (I at least assume). The yellow is a custom transport rule we have to warn our users.

surveymonkey-warning.png

3 Replies
best response confirmed by Björn Lagerwall (Contributor)
Solution

@Björn Lagerwall 

 

In theory I believe that you can turn off the spoofing tip for a specific sender, but not a specific recipient. At the foot of your anti-spam policies (currently) on the Security & Compliance portal, Threat Mangement, Policy leaf there is a special special line called Spoof Intelligence Policy. Take the option to review spoofs (always an education) and find your sender. Change the Allowed To Spoof from No to Yes and please let us know if that works.

 

Be warned that on a tenancy of any size, the policy is [somewhat slow] to display. The sender also has to be tagged once before they can be exempted. I would further be interested to know how many exemptions the policy can hold. Those following Secure by Default will not be surprised that only senders and not sending domains can be exempted.

 

If this theory is correct then the location of the special special line on portal means that you cannot have multiple settings for different policies so you cannot have a different setting for a specific recipient or group of recipients, but I may be wrong and as we know, all things change sooner rather than later.

@ExMSW4319 Thank you for the reply! 

 

The survey was sent out last week and we informed all our users instead. I believe next time we're moving to forms instead. 

Beware that in the first quarter of 2019 the abuse (not spoofing) of Forms was so bad that I had to edit our web policies to present a proxy warning on any Forms link. In fairness to Microsoft they have always had a "do not enter any password" warning on Forms and have made a number of improvements since, but we found that a few well-chosen graphics were enough to make recipients ignore the warnings and the defences I've seen in the Message Center recently are to do with intruders abusing an organisation's own forms. The phishing problem was presumably from the freemail and low customer tier on O365 with weak administration and probably no MFA. Unlike SPO, Forms URLs are nicely anonymous. I have not looked to see how busy my policy has been of late.