@Dimitry Izotov For us, the false positives are from phishing simulation test emails sent by a partner we work with (KnowBe4). In this case, they have a list of domains they use for these tests, they've asked Microsoft (and Microsoft almost certainly knows) that these domains are not malicious, yet Microsoft continues to classify them as such and provides no straight-forward workarounds. I think with Microsoft now offering its own "Attack Simulator", we're going to see them become increasingly hostile and inhospitable towards companies like KnowBe4 who, despite offering a far superior and more mature product that what Microsoft is offering, are being treated as a competitive threat.

We were planning on upgrading all of our users to Office 365 ATP Plan 2 but because we can't resolve this issue, new features like AIR that make this upgrade worth it are virtually useless. Its really quite sad that Microsoft can't play nicely with others.

We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE