Microsoft Defender 365 - Quarantine

Question

Hi to all,&nbsp;I have problem with High Confidence Phish on my tenant. Many inbound mails are blocked and sent to quarantine. I release around 100 emails with false positive case in the last few days. The problem started appearing on 24.7.2023.. I reported the problem to microsoft but i got reply that evrything is fine from their side. Nothing has been changed on the system itselft. The problem&nbsp; appeared on itself.&nbsp;Does anyone have information on what could be the problem?

eliekarkafy · Answer

the incoming emails marked as Phish are from one domain or multiple domains ?

djolear · Answer

from multiple domains. almost every mail is from different domain

eliekarkafy · Answer

what is the Phishing threshold in your Anti-Phishing Policy in MDO ? any changes have been to this policy during that week ?

djolear · Answer

Nothing has been changed. Is about preset security polices, standard default protection is enabled. It is the only policy that has been applied and it is a default template

cyber3gg_ · Answer

djolear&nbsp;&nbsp;Hi there, sorry to hear that but I am having exactly the same issue.Would like to know more about your environment and what you are using.&nbsp;&nbsp;There was a change from Microsoft and it is this one:&nbsp;You can find that by easily going into the Message Center from Admin portal.In short, the policy default setting was changed from None to High Confidence Phish.&nbsp;&nbsp;So if you were using the "Default" option, now instead of "None" you have High Confidence.I am currently working with an Escalation engineer from Microsoft to resolve the issues on our side as we changed the setting to "none" but issue still exists.&nbsp;&nbsp;

Forum Discussion

Microsoft Defender 365 - Quarantine

Share

Resources