Microsoft is introducing override alerts for Microsoft Defender for Office 365 Plan 1 and Plan 2. These new system alert policies will enable security admins to receive alerts if a message with a high confidence phish or malware verdict is delivered to a mailbox due to one of the following overrides:
- Phish delivered due to an IP allow policy
- Phish delivered due to an ETR override.
- Phish delivered because a user’s Junk Mail Folder is disabled.
- Phish not zapped because ZAP is disabled.
- Malware not zapped because ZAP is disabled.
This message is associated with Microsoft 365 Roadmap ID 70567.
When this will happen
Microsoft will be rolling out these new alerts in early February 2021.
How this will affect your organization
With this update, security admins will be alerted if a message with a high confidence phish or malware verdict was delivered due to a system override. These alerts will help you determine which overrides are allowing High Confidence Phish or malware messages to be delivered so that you can fix their configuration.
These alert policies will be on by default however, you can turn these policies off and on again, set up a list of recipients to send email notifications to, and set a daily notification limit at any time.
Visit Managing Alerts to learn how to suppress email notifications.
What you need to do to prepare
Administrators should use the submission portal to report messages they believe to be incorrectly classified as high confidence phish or malware so that the filter can improve organically.
Learn more: Alert policies in the security and compliance center
Sorry, the comment form is closed at this time.