Microsoft 365 Defender - Can you whitelist sites to keep messages out of quarantine

I've been using an Exchange 365 Online server for several years, and I also support several Linux servers. In Exchange, I have a rule set up to whitelist the Linux servers using SCL=-1 to bypass spam checking on the messages sent from the servers. All of the mail traffic from the servers is reports and/or backup output. At a glance every morning I can quickly tell if the servers are having problems. This has been working without problems for years.

Starting on August 10th, some of the messages started going missing. After a bit of research I discovered that Microsoft 365 Defender began putting some of the messages into quarantine:

Threats: Phish / High, Spam
Delivery action: Blocked

The emails being blocked are backup output from the app used on the server. It's very generic text output that mainly consists of the file names being processed by the backup.

This is the first time I've even looked at Microsoft 365 Defender. Is there a way to whitelist the servers so that the emails I'm concerned about do not end up in quarantine?

Thanks,
Don

4 Replies

@DThimsen I am not sure if you tried this, but you can whitelist the email that your Linux server is using to send emails from your anti-spam policy.

@eliekarkafy  Thank you VERY much for the information. I've added the domains to the Allowed domains list in the policy rule. Hopefully, I'll know tomorrow morning if the fix works. I really appreciate the help!

Just to follow up... Yes, adding the domain name to the Inbound Anti-Spam rule allowed the messages to bypass the Defender checks. Notes for any other newbie(s) like me:

1. Home - Microsoft 365 admin center and expand left menu > Security > Policies & rules > Threat policies > Anti-spam policies

2. Display the “Anti-spam inbound policy (Default)” > Click on “Edit allowed and blocked senders and domains” at the bottom of the panel.

3. Add the AWS server domain. Enter the domain name in the field, and then click on the field created below the domain name.
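
The same change made from Exchange Online PowerShell, as an added example that is not part of the thread. It assumes the ExchangeOnlineManagement module is installed and an account allowed to edit anti-spam policies; `reports.example.com` is a placeholder for the sending server's domain.

```powershell
# Added example (not from the thread). Placeholder domain: replace with the
# domain your servers actually send from.
$Domain = 'reports.example.com'

Connect-ExchangeOnline

# 1. Review what was quarantined from that domain in the last 7 days, and why,
#    before creating any bypass.
$since = (Get-Date).AddDays(-7)
Get-QuarantineMessage -StartReceivedDate $since -EndReceivedDate (Get-Date) |
    Where-Object { $_.SenderAddress -like "*@$Domain" } |
    Select-Object ReceivedTime, SenderAddress, Subject, Type |
    Format-Table -AutoSize

# 2. Read the allow list of the default inbound anti-spam policy
#    ("Anti-spam inbound policy (Default)" in the portal).
$policy  = Get-HostedContentFilterPolicy -Identity Default
$current = @($policy.AllowedSenderDomains | ForEach-Object { $_.ToString() })
Write-Host "Allowed sender domains before change: $($current -join ', ')"

# 3. Add the domain only if it is missing. The @{Add=...} form appends to the
#    list instead of overwriting the existing entries.
if ($current -notcontains $Domain) {
    Set-HostedContentFilterPolicy -Identity Default `
        -AllowedSenderDomains @{ Add = $Domain }
}

# 4. Confirm the change took effect.
(Get-HostedContentFilterPolicy -Identity Default).AllowedSenderDomains |
    ForEach-Object { $_.ToString() }

Disconnect-ExchangeOnline -Confirm:$false
```

Allowed domains are matched on the sender address and skip spam filtering, so keep the list limited to domains you control and review it periodically.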

@DThimsen This sounds very useful, except for the fact I have absolutely no idea where any of these settings are. I use my email through the Outlook desktop app; how do I whitelist an email address?