Mar 08 2021 09:32 AM - edited Mar 08 2021 09:34 AM
With the introduction of Defender for Office 365, there are several more processes that play a role in scanning emails.
The Problem:
There is no clear or effective way to whitelist security training providers from link and attachment scanning whether in the web portal, API, or Powershell.
Impact:
One or more of the systems below consistently block, scan links and/or attachments that belong to security training (not actually malicious) from several major providers, and create false positives.
Rules in place:
Sending Server IPs are whitelisted and emails are modified to set message headers such as
There does not appear to be a way to whitelist from:
Is anyone aware of a way to do this currently?
There are between 50-100 different wildcard domains needed to whitelist (if we had to do them individually).
A solution cannot include disabling the above services.
Mar 26 2021 09:43 AM