SOLVED

OneDrive sharing emails marked as malicious?

Hi all,

Apologies if it's the wrong board. With the increase in remote working, we've seen more staff members use OneDrive or Teams to share files and comment on files (which is great).

However, it looks like an inordinate number of legitimate "x has shared file with you" emails are marked as malicious by the Office 365 spam/phish filter. These are all legitimate emails and sharing. Any suggestions?
1 Reply
Best Response confirmed by David Gorman (Regular Contributor)

Best thing to do is report them, so MS can adjust their filters. Do not add any whitelisting, as you can potentially open your users to phishing attacks using the same template.