Sep 16 2019 01:47 PM
I know the time it takes to scan will vary but does it matter if the user keeps the email open that contains the attachment that's being scanned vs closing the email and checking back in 5 minutes or that makes no difference?
Also, can I whitelist or create a rule to have specific domains bypass ATP?
Sep 16 2019 07:06 PM
I find most of the time 2-5 minutes and the attachment is available.
I ended up turning off the setting that delivered the email without the attachment due to complaints from users they couldn't open it. It seemed like a good idea when I set it up but the users got frustrated.
Now the email gets delivered once the attachment has been scanned and the only time they notice the delay is with emails from the copier which no longer arrive instantly.
For your second question, try a mail flow rule which sets the message header to X-MS-Exchange-Organization-SkipSafeAttachmentProcessing and the value to 1 and set it to apply under specific conditions such as sender domain.
Sep 17 2019 04:22 AM
No, it doesn't matter if you open the email, view it, etc. It's all done on the backend.
And just to add an article detailing the solution @PaulaSillars provided: https://www.undocumented-features.com/2018/05/10/atp-safe-attachments-safe-links-and-anti-phishing-p...
Sep 17 2019 06:15 AM
Sep 17 2019 06:18 AM
Sep 17 2019 02:36 PM
@PS_83 I have seen that happen once and it seemed to come right on its own after around an hour. It was shortly after we deployed ATP and I was still working through the configuration process. I turned off Dynamic Delivery and no more user complaints.
Sep 17 2019 02:36 PM
@Vasil Michev Thanks for posting the link with the instructions :)
Sep 19 2019 06:13 AM
@PaulaSillars Which setting do you have it set to so that internal users get the email only after it's been scanned? Replace?
Sep 19 2019 02:46 PM