Mar 27 2020 08:41 AM
Hi guys,
Keep getting organization's users complaining about form.office being blocked by safe links. Thought this is suppose to be scanned and I doubt if there's any involvement such URLs are potential malicious URL.
Quick option is to whitelist/exempt forms.office URL. I do not think that's a good recommendation since some forms may be indeed malicious. I also thought reputation of emails are based on attributes such as sender, IP etc. which in this case is intra-org.
Any suggestions with this new development? Thank you.
Mar 27 2020 10:24 AM
Report the offending messages to Microsoft, so they can adjust their filters.
Mar 27 2020 10:44 AM
Thanks so much @VasilMichev,
That has been done, through submission of the URL not to be blocked. However, just wondering why the filter decided to flag newly created forms or probably flagged the URL domain (*forms.office.com*). Plus, the message (email) wasn't flagged phishing until the safe links blocked access to the URL (forms).
Apr 21 2020 09:54 AM
@OlaOwolabi We have the same here. Where do you whiteliste and more important, where to report this URL to Microsoft?
Thx in advance!
Apr 22 2020 08:56 AM
Hi @chrisd303
User can report email as phishing. Alternatively, admin can report URL or email phishing / malware (or Not-Phishing) through the Microsoft SCC portal > Threat Management > Submissions.
Though not recommended, to whitelist URL - check out below Microsoft doc / Section (look out for Do not rewrite the following URLs);
Apr 23 2020 02:31 AM
Thx for your prompt feedback. Gone for the whitelist as a quick fix and also submitted to MS in SCC. Great support!