Microsoft is introducing override alerts for Microsoft Defender for Office 365 Plan 1 and Plan 2. These new system alert policies will enable security admins to receive alerts if a message with a high confidence phish or malware verdict is delivered to a mailbox due to one of the following overrides:
Phish delivered due to an IP allow policy.
Phish delivered due to an Exchange transport rule (ETR) override.
Phish delivered because a user’s Junk Mail Folder is disabled.
Microsoft will be rolling out these new alerts in early February 2021.
How this will affect your organization
With this update, security admins will be alerted if a message with a high confidence phish or malware verdict was delivered due to a system override. These alerts will help you determine which overrides are allowing high confidence phish or malware messages to be delivered, so that you can fix their configuration.
These alert policies will be on by default; however, at any time you can turn them off and on again, set up a list of recipients for email notifications, and set a daily notification limit.