SOLVED

Microsoft Exchange Online Attack Simulator and Google Chrome


Started messing around with the Attack Simulator feature in Exchange Online. Seems pretty sweet except when using Chrome, their landing pages get blocked by Google Chrome's own Malware Screen Detection. While we like to think all malware campaigns would get blocked, this does not seem to give the real-world scenario results I would like to see (not every campaign will get blocked by Chrome). Anyone know of a way to get around this for a true corporate scan?

2 Replies

@Jeff Harlow 

We are running into the same issue. Google's Safe Browsing feature detects all of Microsoft's attack simulator domains as malicious. Microsoft really needs to get these whitelisted by Google. I have a ticket open with Microsoft support regarding this issue and they don't seem to have an answer right now.

best response confirmed by Deleted
Solution

Maybe you will have better luck. After going back and forth with Microsoft (*cough 3rd party support), they basically said they won't fix the problem. They claim it is "Out of our scope"; for me to "contact Google" and the issue was "rejected due to security constraints". They were unwilling to whitelist their OWN freaking domain. It is absolutely nuts! But I am getting used to their support being very lacking these days. When we first started using Office 365, it was great. But over the past year, it has been nothing but junk.

That all being said, I did find a workaround. It is not stellar, but it will work. We use Intune, so YMMV. Using Intune, I created the typical ADMX policies, then I added a policy to install Windows Defender as an extension. Afterwards, I added an additional policy to disable Google's "Safe Browsing". In short, I am forcing Google to use Microsoft's Defender instead of Google's in order to use Microsoft's sites for their attack simulator. It is unbelievable that one has to do this as they were unwilling to whitelist their OWN domains. Heck, I even sent them the link to whitelist, which requires ownership verification.

I understand that 1st contact can be handled by 3rd party support lines. But they should be able to escalate to an actual Microsoft engineer, once an issue has been determined to fall under those categories; but I can attest, they simply won't or cannot. I fear the day when dealing with Azure support becomes the same way. At least my experience is Azure support at least seems to know or have the necessary information to support their platform. Office 365 on the other hand, is no different than calling Comcast for support. :shrug:
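
Added example, not part of the original posts: a PowerShell check that a device with Chrome's Safe Browsing disabled by policy also has the replacement extension force-installed, so the workaround above never leaves a browser with neither protection. It assumes the Intune ADMX settings land under the standard Chrome policy registry key and uses Chrome's policy names `SafeBrowsingEnabled`, `SafeBrowsingProtectionLevel` and `ExtensionInstallForcelist`; the function names are hypothetical and the extension ID is a placeholder.

```powershell
# Added example. The extension ID is a placeholder, not a value from the thread.
$ChromeKey   = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
$ExtensionId = '<defender-extension-id>'   # placeholder: copy from your Intune policy

function Test-SafeBrowsingWorkaround {
    param([hashtable]$Policy, [string[]]$ForceList, [string]$ExtensionId)
    # Off when the legacy boolean is 0 or the protection level is 0 (no protection).
    $sbOff = ($Policy['SafeBrowsingEnabled'] -eq 0) -or
             ($Policy['SafeBrowsingProtectionLevel'] -eq 0)
    # Force-list entries have the form "<extension id>;<update URL>".
    $ids = @($ForceList | Where-Object { $_ } | ForEach-Object { ($_ -split ';')[0] })
    $forced = $ids -contains $ExtensionId
    if (-not $sbOff) {
        $finding = 'Safe Browsing not disabled by policy'
    } elseif ($forced) {
        $finding = 'Safe Browsing off, replacement extension forced'
    } else {
        $finding = 'GAP: Safe Browsing off with no forced replacement'
    }
    [pscustomobject]@{ SafeBrowsingOff = $sbOff; ReplacementForced = $forced; Finding = $finding }
}

function Get-ChromePolicy {
    # Reads the machine-level Chrome policy values from the registry.
    $policy = @{}; $force = @()
    if (Test-Path $ChromeKey) {
        $key = Get-Item -Path $ChromeKey
        foreach ($n in 'SafeBrowsingEnabled', 'SafeBrowsingProtectionLevel') {
            $v = $key.GetValue($n)
            if ($null -ne $v) { $policy[$n] = $v }
        }
    }
    $flKey = Join-Path $ChromeKey 'ExtensionInstallForcelist'
    if (Test-Path $flKey) {
        $k = Get-Item -Path $flKey
        $force = @($k.GetValueNames() | ForEach-Object { $k.GetValue($_) })
    }
    @{ Policy = $policy; ForceList = $force }
}

# Constructed sample states (not captured from a real device).
$samples = @(
    @{ Policy = @{ SafeBrowsingProtectionLevel = 0 }
       ForceList = @("$ExtensionId;https://clients2.google.com/service/update2/crx") },
    @{ Policy = @{ SafeBrowsingEnabled = 0 }; ForceList = @() }
)
foreach ($s in $samples) { Test-SafeBrowsingWorkaround @s -ExtensionId $ExtensionId }
# On a managed device: $live = Get-ChromePolicy; Test-SafeBrowsingWorkaround @live -ExtensionId $ExtensionId
```

The second constructed sample returns the `GAP` finding, which is the state to alert on after rolling out the two policies.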