Microsoft Defender EOP
We have been experiencing an issue since last week where we are unable to view the details of quarantined emails. Could you please confirm if this is related to a known backend service issue, or if there are any specific troubleshooting steps we should perform on our end? Any guidance or updates would be greatly appreciated.
No URL Detection in Emails with Extensive %2580 Encoding
Hi Community, I encountered a concerning issue where emails containing URLs with extensive encoding (%2580) completely bypassed all detection and security mechanisms. These encoded URLs weren’t identified as links, which allowed them to evade security scanning. Issue Details: The email contained malicious URLs encoded with %2580. The URLs were not flagged or identified as links, allowing the payload to bypass filters entirely. Questions: Has anyone else encountered similar issues with encoded URLs bypassing detection? What’s the best process to submit this email to Microsoft for analysis and improvements to detection mechanisms, since no URL's were identified? Looking forward to your input and recommendations. Thanks in advance!
capability to detect password protected files to during the email delivery and ZAP process of the e
Does M365 Defender & EOP has capability to detect password protected files to during the email delivery and ZAP process of the email in user mailbox? If yes how we can configure to stop such emails and put them into quarantine and stop the email delivery to end users? I have another follow-up question on this is that if we deploy this Transport rule to quarantine false or parked domains emails like phishing or spam and unwanted emails then how we would filter and allow the legit email domains to send out such files like .PDF, Docs, excel and other password protected files to users mailbox without putting them into Quarantine?How to classify E-Mails with *.html or *.htm attachments as spam?
A tenant is receiving currently an enormous amount of phishing emails with *.html or *.htm attachments. 99% of the e-mail which contain such an attachment are phishing e-mails. What's the best approach to filter out those e-mails? They are using the standard protection threat policies.Fastest workflow to block a phished user?
If a user gets phished, or his credentials get leaked - what's the first thing you do, before you start investigating the issue? A few questions concerning this issue: - Is it enough to block the user in the Office 365 Admin Center? - Should I reset his password, or is blocking the user enough? - If the user is blocked, and he still has an active Exchange Online session, can the blocked user still send e-mails?
Considering changing spam filter
Hello, new to Defender. We currently have a spam filter that filters all inbound and outbound email. We're thinking about dropping it and going with EOP. I'm assuming many here have gone that route already. How was the experience? How is it working for you now? Were/Are there many false positives? Heaven forbid, but does anyone find the MS product LESS capable than a Mimecast, Proofpoint, Barracuda, or SpamTitan type service? Thanks!
