Microsoft Defender 365 - Quarantine


Hi to all,

 

I have a problem with High Confidence Phish on my tenant. Many inbound mails are blocked and sent to quarantine. I released around 100 emails that were false positives in the last few days. The problem started appearing on 24.7.2023. I reported the problem to Microsoft but I got a reply that everything is fine from their side. Nothing has been changed on the system itself. The problem appeared by itself.

 

Does anyone have information on what could be the problem?

5 Replies
Are the incoming emails marked as Phish from one domain or multiple domains?

From multiple domains. Almost every mail is from a different domain.

What is the phishing threshold in your Anti-Phishing Policy in MDO? Have any changes been made to this policy during that week?

Nothing has been changed. It is about preset security policies; standard default protection is enabled. It is the only policy that has been applied and it is a default template.

@djolear 

 

Hi there, sorry to hear that but I am having exactly the same issue.

Would like to know more about your environment and what you are using. 

 

There was a change from Microsoft and it is this one: 

[Image: cyber3gg__0-1690819356399.png]

You can find that easily by going into the Message Center from the Admin portal.

In short, the policy default setting was changed from None to High Confidence Phish. 

 

So if you were using the "Default" option, now instead of "None" you have High Confidence.

I am currently working with an Escalation engineer from Microsoft to resolve the issues on our side, as we changed the setting to "none" but the issue still exists.