exchange online protection

45 Topics

URL Detonation Reputation - How do you like it?
I personally have found this detection technology to be a huge pain in the buttocks. To me, this feature doesn't really look at specific threats or risks, it just says "You cannot do anything that involves this domain name". And with that analogy, "involves" translates to any of the following: Domain is in the subject or body One of the included recipient addresses to which the message is addressed uses the domain. One of the recipients who show in the body of the email due to it being a conversation/thread, uses that domain in their address. An attachment includes that domain within its text (PDF, Word, Excel, TXT, all personally observed by me). These things get blocked as "High confidence phish". To me, they are not that whatsoever, until the message itself is doing some of the "phish" verb. This feels like an overstep on the verdict and I'd prefer they come up with a new name for the detection type, as well as a new drop down box for us to choose between MoveToJunk or Quarantine. Most times I've observed this feature "saving" clients, it's a pain in the butt for the client. I will point out the one improvement I've seen since I started belly-aching over this - it is that Microsoft now puts the bad URL/domain from within the attachments, into the list of URLs in the email entity page within M365 Defender portal. So there is at least that there now, which adds the improvement of not having to go through MS Support to find out what is the supposed bad-rep URL. Would like to know if anyone else finds this feature as a pain for the most part, and hear any other suggestions, or just confirmations about my suggestion (new category of detection so we don't have to treat these things like (HC)phish).
Solved
JeremyTBradshaw
Oct 03, 2023 Place Exchange
50KViews
2likes
31Comments
How to unlock PayPal account?
Paypal is an advantageous method for handling exchanges by means of the web. In the event that the PayPal stage identifies any surprising exchanges for you, it prompts you to give more point by point data about you. It is one of the conspicuous and most secure internet based stages to keep up with and move your assets across the globe. Notwithstanding, once in a while you really want to open the https://www.paynowmoney.com/paypal-account-locked/. You can ask concerning why the record was locked and afterward you can follow the cycle to open the PayPal account. Through this article, we trust that through this article you will gain proficiency with the interaction to deal with the unlock%20paypal%20account. So we should begin! How to open the PayPal account locked? ou, most importantly, need to go to the Paypal page and tap on the "Get in touch with us" interface (see assets). Presently, enter the data as incited on the "Help page". Call PayPal assuming required and supply the data is mentioned to open your record. How long does the PayPal account stay locked? In the event that you face a PayPal account briefly locked issue, it will require 24 hours for a record to get opened or a specialist can go it then you are on the telephone on the off chance that you can hardly stand by that long. Keep in mind, don't endeavor to sign in till the full 24 hours get finished. Email from PayPal saying account locked In the event that the email from PayPal says account locked, you will get to be aware by specific focuses that are referenced underneath: You will get a conventional hello, for example, "'Dear client' or "Hi, PayPal part". You will be requested monetary and other individual data, the genuine site won't ever request your subtleties. It will request that you give the following number of any dispatched things before you got the installments. Keep in mind, it will incorporate a product update to introduce on your PC. Certain tips to remain safeguarded on the web On the off chance that the PayPal account locked for the sake of security, you really want to consider these essential tips and deceives to remain safeguarded on the web: Regardless of whether the URL contains "Paypal" then it may not be a PayPal website page. At the point when you use Paypal, then, at that point, consistently ensure that the URL address is recorded on the program. Search for the "lock" image that shows up in the location bar then this image demonstrates that the site which you are visiting is gotten. Visit site : https://www.paynowmoney.com/paypal-account-locked/ | https://www.paynowmoney.com/paypal-account-locked/ | https://www.paynowmoney.com/paypal-account-locked/ | https://www.paynowmoney.com/paypal-account-locked/ |
nancywilson1130
May 12, 2022 Place Microsoft 365
44KViews
0likes
0Comments
Disable Direct Send in Exchange Online to Mitigate Ongoing Phishing Threats
Direct Send allows devices and applications to send unauthenticated emails over port 25 directly to Exchange Online. While this may support legacy devices like printers or scanners, it also opens the door for threat actors to deliver spoofed emails without authentication. These messages often appear to come from trusted internal sources, making them especially dangerous. To reduce your organization’s exposure to this threat, it's strongly recommended to disable Direct Send using Microsoft’s newly introduced RejectDirectSend setting. You can quickly enable this setting using PowerShell: Connect-ExchangeOnline Set-OrganizationConfig -RejectDirectSend $true If you still have devices or applications that need to send emails, use authenticated SMTP submission or set up connector-based routing with certificate or IP restrictions.
Kavya
Jul 18, 2025 Place Microsoft 365
9KViews
0likes
2Comments
How to create addition Encryption option in permissions tab in outlook. Can I change it using IRM
How can I achieve the options from the 2nd picture. I have m365 Enterprise Demo Tenant.
Solved
rhotrix
Oct 19, 2023 Place Microsoft 365
7.7KViews
0likes
5Comments
Office 365 ATP in conjunction with a Third Party spam filter
Hi, I'm just after any advice, experience, comments, lessons learned, etc in relation to using Office 365 Advanced Threat Protection to enhance anti-spam capabilities for Exchange Online.....but in a scenario where the anti-spam is being handled by an external service and not EOP. * Should we do this? * Does ATP lose some of it's capabilities when the filtered mail from the external spam filter is treated as clean (SCL -1 or equivalent)? * If there is no sender rewrite by the third party spam filter, does ATP mailbox intelligence or anti-phishing policies even work? * Anything to add would be welcome here really Regards
Solved
bdelamotte83
Jan 22, 2020 Place Exchange
6KViews
1like
4Comments
License requirement for EOP Quarantine for On-Prem users in Hybrid
If MX is switched to Office 365 in a Hybrid environment and we want to use EOP and Quarantine for On prem mailboxes, what licenses are required? We are in the process of moving all of the mailboxes to Office 365. We have E3 Licenses but i do not want to assign the EXO licenses before they are migrated.
Solved
Tom Gould
May 04, 2018 Place Microsoft 365
5.7KViews
0likes
7Comments
Exchange Online Protection modifying MIME parts of inbound messages
Is it normal for Exchange Online Protection to modify the body of messages in transit? It seems like this would break DKIM, S/MIME, and PGP signatures, among other concerns. Body of message in transit, as enqueued to Exchange Online Protection --f403043c34cc657e800562729e22 Content-Type: text/plain; charset="UTF-8" test 123 --f403043c34cc657e800562729e22 Content-Type: text/html; charset="UTF-8" <div dir="ltr">test 123</div> --f403043c34cc657e800562729e22-- Body of message after processed by Exchange Online Protection --f403043c34cc657e800562729e22 Content-Type: text/plain; charset="UTF-8" X-Microsoft-Exchange-Diagnostics: 1;BN6PR05MB2833;27:Kggba7aJSKdGRUbWQbPxXD6C/Sek7kTm9NiDQTjQ4dXJqlkZ74IZBgkd+mj0Y+pXNC/C5iEbJImUyYsMJ4cZzQcKg3+bNgqEWYXZIQb7hV7hnAr4EPNNG+G8E3Mr4Jh4 X-Microsoft-Antispam-Message-Info: fRiLCE20IMgZ5HIhJaOajYDVyoaLHNGwogh7E3vvNj1oJoMf114SUWJlNk7kgN1/ test 123 --f403043c34cc657e800562729e22 Content-Type: text/html; charset="UTF-8" X-Microsoft-Exchange-Diagnostics: 1;BN6PR05MB2833;27:Kggba7aJSKdGRUbWQbPxXD6C/Sek7kTm9NiDQTjQ4dXJqlkZ74IZBgkd+mj0Y+pXNC/C5iEbJImUyYsMJ4cZzQcKg3+bNgqEWYXZIQb7hV7hnAr4EPNNG+G8E3Mr4Jh4 X-Microsoft-Antispam-Message-Info: fRiLCE20IMgZ5HIhJaOajYDVyoaLHNGwogh7E3vvNj1oJoMf114SUWJlNk7kgN1/ <meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div dir="ltr">test 123</div> --f403043c34cc657e800562729e22--
Jesse Thompson
Jan 11, 2018 Place Microsoft 365
4.3KViews
0likes
3Comments
Meaning of 365 Mail Security's "SFS" Header Field
I've seen quite a few threads in various forums with this question. I'm trying to troubleshoot a message that was quarantined. The provided information doesn't contain any justification for the spam verdict. There is one field that might have an answer, however I can't find any official documentation on it. That's the SFS field. This page: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/message-headers-eop-mdo?view=o365-worldwide contains definitions for all of the header fields *except* the SFS field. The SFS field contains nothing but a long list of numerical codes. I'm inclined to think that these codes represent the reasons a message was marked spam. I saw a request for a list of definitions for the SFS codes in GitHub that was marked "resolved," "merged," and then deleted. That's concerning because the ticket it was merged into had a link to the document, but did not contain the requested information after all. I'm going to just assume it was an oversight on the part of tech working on the documentation: https://webcache.googleusercontent.com/search?q=cache:bMqVZtmJ-eUJ:https://github.com/MicrosoftDocs/microsoft-365-docs/issues/740&hl=en&gl=us Any chance we can get some information on the SFS field in order to properly troubleshoot quarantined messages? It seems pretty important, and really strange that the info is so hard to find.
BochulainCV
Jan 18, 2024 Place Microsoft 365
3.2KViews
1like
2Comments
Tenant allow/block list and Exchange rules - order of execution
I've just been trying to reduce all the emails from a particularly large global spam bot which hit my tenant daily and aren't being picked up automatically as SPAM by the service. The bot uses many different individual email mailboxes, on many different (real) domains, registered in many countries (including European countries) - and the domains only seem to make it onto the occasional blacklist. The mail server IPs seem to be Russian ISPs , but several of those too. So it has been difficult to stop but I'm pretty much there as there is only a small variation in the content. In the process of dealing with it, I have noticed that Exchange rules I have defined appear to take precedence over domain entries in the tenant allow/block list, where I expected it to be the other way around. i.e I expected the TABL would be checked before anything else. e.g. I have a particular domain listed in the TABL because I want to block anything/everything from it as it is actually the predominant domain spamming us, and an Exchange rule that just looks for content rather than the source to catch all the other domains that are sending out the exact same junk. The other day, my rule caught an email from the domain based on content, and it is clear the TABL had not had an activation against it. Is my understanding correct, and if so, is there something somewhere that describes how the various components of 365 act on incoming messages and in what order - kinda like a flow chart? I've had a look and can't find anything. Thanks!
Solved
YorkshireMidge
May 28, 2024 Place Microsoft 365
1.9KViews
0likes
4Comments
Exchange/Azure AD higher risk security roles
Aside from organisation management, which other admin roles in Exchange Online (or AAD that grant access to manage aspects within ExO) would generally be considered the higher risk roles that should only ever be granted to authorised/senior email admins? There are tons of default roles available, but organisation management seems to have the most permissions out-of-the-box, I just wondered which other admin roles are generally considered 'higher risk' from a systems integrity/data protection perspective, so we can run some checks on current memberships. i.e. a 'top 5' higher risk admin roles.
Solved
CRIB111
Dec 07, 2023 Place Microsoft 365
1.9KViews
0likes
3Comments