Ninja Cat Giveaway: Episode 2 | Mastering email authentication and slashing overrides: Part 2


For this episode, your opportunity to win a plush ninja cat is the following -

Reply to this thread with: Did you spot ninja cat throughout episode? Mention your favorite on-screen ninja cat appearance in this episode along with one thing you’ve learned from this episode of the Ninja Show! 


This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.

54 Replies

@Heike Ritter 


Spotted Ninja cat abseiling down Paul and Heike's walls - that's one fearless feline!


I learned of the existence of those awesome KQL queries to hunt out details of mail being delivered via existing overrides - great resource!!!

Ninja Cat - quite a few appearances, I rather like the ninja cat on shoulder at 8:13.
For me the most value is from the Learn article on finding potentially problematic overrides, at

i love it when the ninja cat appears from behind the paintings!
I learned that I can help Microsoft learn how to properly categorize emails as false positives or false negatives

@Heike Ritter 

I saw a ninja cat sweeping across the bottom of the video :) One thing I learned was how "allowlisting" a sender is actually an override of other security controls, including protection against phishing such as spoofing of a P2 field.
My favorite on-screen ninja cat appearance was when Ninja cat peeked out from the bottom of Paul's painting on the wall. One thing that I learned was the benefit of using advanced hunting within Microsoft 365 Defender to identify potential risks/threats with allowlisting and to take corrective action.
At 8:13 the ninja cat appeared at the back of Paul and I liked this moment the most :D
What I have in learned in this episode is how important the overrides are and how they can be checked. I already checked all customer environments what overrides are configured I don't know about. Really helpful.
Liked the ninja cat hanging on the shortlink for the recommendations. Learned some new nice KQL queries assessing the Mail Events that I will come back to for sure!
Thanks for another submission!!! You already earned a plushy <3
I love the ninja cat behind the painting and my dog loved it everywhere on the screen ;)

I have learned to avoid overrides and if I need to do it secure that the sender side adding authentication mechanism (SPF, DKIM, DMARC) and do it in a proper way. I have also learned that I am able to see when override is happening in my environment with KQL for example, happy hunting!

@Heike Ritter  I'm glad this show was mentioned yesterday during Microsoft Security!  In this episode, I loved the pole-vaulting cat on the artwork over Paul's shoulder.  Some of the KQL queries he demonstrated are going to be very useful for trying to troubleshoot issues!

Great episode. I hadn't given much thought to Allow lists and had added users/domains in the past without giving it much thought. I'll certainly be reviewing that now! My favourite ninja cat was the one being chased by the dog :)

I liked the time when Ninja Cat hid behind the art hanging on the wall :)

I also learned a lot of great information on Advanced Hunting that I did not know before.

Thanks for hosting these episodes - @Heike Ritter 

I saw a littel Ninja on your right Shoulder (on your view) at the start from the episode. Was a good Video. The subject with the allow list was for me interessting, then we have that so many times. And we doing wrong. But now we do it without.
For me, advanced hunting with KQL is the fastest and most powerful way for deep investigation. Thanks for sharing the queries. Therefore, I also give my vote for the "cat1", that appeared behind the flyout in advanced hunting.

@Heike Ritter & Paul, 

Thank you for this, really appreciate the info being shared. Especially, not to add vendors and partners to Allow list!! Saw the cat through the video, like the cat rappelling down the wall!!