Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

query MC226683 Secure by Default - honoring ATP detonations

Iron Contributor

Under MC226683, Exchange Online Anti-spam policies and Safe Sender policies will no longer exempt listed senders of mail stopped as high-confidence phishes.


1) Should any questions on this topic be asked here, or over in the Exchange community? The Product Formerly Known as ATP has always seemed to fall somewhere between the two.


2) Assuming this is the right forum, do we know what action the product will take now that exemptions are not allowed for high-confidence phish?


3) Assuming a particular sender persistently ends up being detained as a high-confidence phisher by the product and we can see that there is no problem with the mail, what precisely are we supposed to do?

1 Reply

@ExMSW4319, thanks, responding to each of your questions below:

  1. Yes, this is correct - please ask questions here in the MDO community. Office ATP is now Microsoft Defender for Office 365.
  2. Because Microsoft wants to keep our customers secure by default, some tenants overrides are not applied for malware or high confidence phish. These overrides include: Allowed sender lists or allowed domain lists (anti-spam policies), Outlook Safe senders. Phishing email identified as "high confidence" will be handled according to the anti-spam policy action.  For additional details, please see Secure by default in Office 365 - Office 365 | Microsoft Docs
  3. In such cases, please utilize admin submissions. For details, please refer to Admin submissions - Office 365 | Microsoft Docs.