Jul 20 2022 07:59 AM
Recently we have had several "phishing" or "Phishing email domain" alerts in MS 365 Defender (security.microsoft.com) in which the URL visited is either a school ISD webpage (http://www.friscoisd.org) or a local ISP (http://www.optimum.net:443 ). The issue originally was that the Defender Smart Screen would block any visit to those domains. At least I thought that was the issue as to why the triggers were activated. As they are legitimate sites, the ITIS team recently lifted those block in Smart Screen. However, we are still getting those sites triggered in MS 365 Defender.
1) Was Smart Screen part of the trigger alert?
2) What is setting off the triggers?
3) How do I get so that those alerts triggers are not activated anymore?
Note: I have done a suppression rule prior to the Smart Screen being updated. But I shouldn't need to have that in place anymore if the smart screen no longer blocks the sites.
Jul 20 2022 01:45 PM
Jul 20 2022 02:39 PM