Forum Discussion

DThimsen's avatar
DThimsen
Copper Contributor
Aug 14, 2023

Microsoft 365 Defender - Can you whitelist sites to keep messages out of quarantine

I've been using an Exchange 365 Online server for several years, and I also support several linux servers. In Exchange, I have a rule setup to whitelist the linux servers using SCL=-1 to bypass spam checking on the messages sent from the servers. All of the mail traffic from the servers are reports and/or backup output. At a glance every morning I can quickly tell if the servers are having problems. This has been working without problems for years.

 

Starting on August 10th, some of the messages started going missing. After a bit of research I discovered that Microsoft 365 Defender began putting some of the messages into quarantine:

 

Threats: Phish / High, Spam
Delivery action: Blocked

 

The emails being blocked are backup output from the app used on the server. It's very generic text output that mainly consists of the file names being processed by the backup.

 

This is the first time I've even looked at Microsoft 365 defender. Is there a way to white list the servers so that the emails I'm concerned about do not end up in quarantine?

 

Thanks,
Don

Microsoft Defender for Office 365
  • eliekarkafy's avatar
    eliekarkafy
    MVP
    Aug 14, 2023

    DThimsen i am not sure if your tried this but you can whitelist the email that your Linux server is using it to send emails from your ant-spam policy 

    • DThimsen's avatar
      DThimsen
      Copper Contributor
      Aug 14, 2023

      eliekarkafy  Thank you VERY much for the information. I've added the domains to the Allowed domains list in the policy rule. Hopefully, I'll know tomorrow morning if the fix works. I really appreciate the help!

      • DThimsen's avatar
        DThimsen
        Copper Contributor
        Aug 15, 2023
        Just to follow up... Yes, adding the domain name to the Inbound Anti-Spam rule allowed the messages to bypass the defender checks. Notes for any other newbie(s) like me:

        1. Home - Microsoft 365 admin center and expand left menu > Security > Policies & rules > Threat policies > Anti-spam policies

        2. Display the “Anti-spam inbound policy (Default)” > Click on “Edit allowed and blocked senders and domains” at the bottom of the panel.

        3. Add the AWS server domain. Enter the domain name in the field, and then click on the field created below the domain name.

Resources