microsoft 365 defender
103 Topics

email quarantine and reason "high confidence phish"
Hi, I started testing a phishing email campaign from an external vendor, KnowBe4. The emails keep going to quarantine, reason "high confidence phish". What is the best way to fix this? I tried excluding the URL from Safe Links and added their sender IPs to the O365 Tenant allow/block list. Thank you in advance.

DMARC, DKIM, SPF none but Composite authentication pass
Hi all, I have an email where DMARC, DKIM, SPF are marked as None, but Composite authentication is still marked as passed. How can this be, since the info on composite authentication says: "Combines multiple types of authentication such as SPF, DKIM, DMARC, or any other part of the message to determine whether or not the message is authenticated." If all three are none, what other part of the message lets the message pass composite authentication?
Solved

Moving MX records to O365
Hello. We are a medium-sized company, around 7000 mailboxes. We own several domains that we accept email for. Currently all MX records point to IronPorts. The emails go through the messaging hygiene at the IronPorts and then the message is delivered to Exchange Online. We want to move all MX records to O365. What I would like to understand is: what is the best strategy to do this? Should I move a domain that doesn't receive a high volume of mail traffic first? I think doing this will allow for fine-tuning of the O365 filtering policies, and give us some indication regarding how successful the move was and what the success rate will be for future domain moves. Also, how should I construct my anti-spam and anti-malware policies? Should I start with using "Preset Security Policies"? My concern with using the preset policies is that you can't edit them. We will have a lot of safe and blocked senders that we will need to export from the IronPorts and import into O365. If I can't edit preset policies, then what is my best course of action? Will I need to create custom policies? I know these are a lot of questions. I'm trying to understand how I should construct the roadmap or process for moving domains to O365. Thank you
Solved

Enhanced Filtering for Connectors not working
Our mail flow is like this: MX: on-premises Barracuda. Barracuda sends into Exchange on-premises. Exchange on-premises sends to EXO via the HCW-created "Outbound to Office 365" Send Connector. We have listed our Barracuda IP (Skip-IP-#1) and our Exchange on-premises servers' outbound/external IP (Skip-IP-#2) in our Enhanced Filtering for Connectors "skip list". However, we still get tons of incoming emails quarantined, CAT=PHISH, and when I check them in the quarantine (i.e., review their headers), I can see the SPF test is being done against our Exchange on-premises IP (Skip-IP-#2). There are no signs of the two headers being added - X-MS-Exchange-ExternalOriginalInternetSender and X-MS-Exchange-SkipListedInternetSender - which I understand should be getting added if Enhanced Filtering is working (per this). <removed no-longer-relevant text>
Solved

How to classify E-Mails with *.html or *.htm attachments as spam?
A tenant is currently receiving an enormous amount of phishing emails with *.html or *.htm attachments. 99% of the e-mails which contain such an attachment are phishing e-mails. What's the best approach to filter out those e-mails? They are using the standard protection threat policies.
6.3K Views, 1 like, 9 Comments

Best practice advice
Hello all, I am fairly new to Defender for O365. I am the cloud admin for a small company, roughly 1000 accounts. We are moving from Mimecast to Defender for O365. I read the article regarding preset security policies and thought this would be a good place to start, so I enabled the standard policy for all the domains we host. Considering you cannot edit a preset policy, I had to edit the default policy to fill in the gaps to account for things like safe senders, blocked senders, safe domains and blocked domains. Is this the correct strategy to use? From my understanding the preset security policy will take precedence. How does the precedence work? If I create safe senders in the default anti-spam policy, will these settings take effect even though the safe senders are not mentioned in the Standard preset security policy? https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide
Solved