Defender for O365 with onprem mailboxes
Hi all, Just wanted to confirm the usability of some features of Defender for O365 when having a exchange hibrid scenario but still most of the mailboxes on-prem. From my understanding not all features will work Safe Attachments (dynamic delivery will not work for onprem mailboxes) Safe Links (works if the MX is pointing to EOP) ATP for SharePoint, OneDrive, and Microsoft Teams (not applicable to EXO) ATP anti-phishing protection (not sure if all settings will work for onprem mailboxes) Real-time detections (reports) Thanks in advanced, Rgs RM
Adding Targeted Users/Groups in Attack Simulator
Is there a setting that may have changed recently or needs to be changed that enables filtering by groups when creating a simulation. I am unable to browse our groups in our organization any longer, I can choose from other options like City, Departments, Titles, etc. but the AD groups do not populate any longer in this list when trying to add Target Users. Thank you, JeridWhitelist and Safelist problems
With the introduction of Defender for Office 365, there are several more processes that play a role in scanning emails. The Problem: There is no clear or effective way to whitelist security training providers from link and attachment scanning whether in the web portal, API, or Powershell. Impact: One or more of the systems below consistently block, scan links and/or attachments that belong to security training (not actually malicious) from several major providers, and create false positives. Rules in place: Sending Server IPs are whitelisted and emails are modified to set message headers such as "X-MS-Exchange-Organization-SkipSafeLinksProcessing" w/ value "1" "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing" w/ value "1" Bypass SPAM = "-1" There does not appear to be a way to whitelist from: SpamZap - Get trapped as SPAM even with bypass. PhishZap - Gets trapped as Phish regardless of rules. MailboxIntelligenceProtection - Same as Phish. Defender for Office 365 Scanning - The bots are clicking the links and creating false positives Safe Documents - same as above. Report Message Link Detonation - Detonates links regardless of whether it's whitelisted anywhere else. Is anyone aware of a way to do this currently? There are between 50-100 different wildcard domains needed to whitelist (if we had to do them individually). A solution cannot include disabling the above services.
capability to detect password protected files to during the email delivery and ZAP process of the e
Does M365 Defender & EOP has capability to detect password protected files to during the email delivery and ZAP process of the email in user mailbox? If yes how we can configure to stop such emails and put them into quarantine and stop the email delivery to end users? I have another follow-up question on this is that if we deploy this Transport rule to quarantine false or parked domains emails like phishing or spam and unwanted emails then how we would filter and allow the legit email domains to send out such files like .PDF, Docs, excel and other password protected files to users mailbox without putting them into Quarantine?
