we are having many mails marked as phishing but just are not. It would not be that bad if these email would show up in the quarantine report and the users could release them.
But the mails do not show up in the report nor the users can release them.
As we cannot tell an Exchange admin "it is your job now to check for false positives all day" and i did not find that many threads about it, i wonder if there is something wrong with our configuration.
The level for detection is 0. The least aggressive.