Mastering Configuration in Defender for Office 365 - Part Two

Published Apr 29 2021 10:00 AM 50.5K Views
Microsoft

This blog is part two of a three-part series detailing the journey we’re on to simplify the configuration of threat protection capabilities in Office 365 to enable best-in class protection for our customers.

 

In the previous blog in this series, we described how we have made it easier for customers to understand configurations gaps in their environment with recently launched features including Preset Security Policies, Configuration Analyzer, and Override Alerts. In this blog, we’ll take a closer look at additional capabilities we are enabling in the product as we continue forward on our journey to block malicious emails from being delivered to end users.

 

Note: This blog has been updated to reflect changes to release dates. 

 

Secure by Default: Tackling the Legacy Override Problem

One of the challenges we are addressing is the legacy override problem. As we covered in the first blog, legacy overrides are tenant level or user level configuration that instruct Office 365 to deliver mail even when the system has determined that the message is suspicious or contains malicious content. As a result of these aging and overly permissive overrides, we get poorly protected pockets with the organization and enable malicious emails to be delivered to end users.

 

To combat this, we here at Microsoft believe it’s critical to keep our customers “secure by default”. We have determined that legacy overrides such as allowed sender and allowed domain lists in anti-spam policies and Safe Senders in Outlook tend to be too broad and cause more harm than good. As a security service, we believe it’s imperative that we act on your behalf to prevent your users from being compromised. That means these legacy overrides are no longer honored for email messages we believe are malicious. We already apply this approach with malware messages and now we are extending it to messages with high confidence phish verdicts. Our data also indicates that the false positive rate (good messages marked as bad) for high confidence phishing messages is extremely low, adding to our conviction about this approach.

 

This feels like a critical step, given how dangerous and voluminous phishing messages have become. To learn more about the current threat landscape, please check out our annual security intelligence report, the Microsoft Digital Defense Report.

 

Ensuring that users cannot interact with malicious emails

As part of our secure by default focus, we’ve also taken additional steps to eliminate the risk of email borne threats. Essentially, when Microsoft is confident that an email contains malicious content, we will not deliver the message to users, regardless of tenant configuration. These messages will be delivered to quarantine, not the junk folder. (In the junk folder, there is always the risk that the user might inadvertently release them to the inbox).

 

Only admins can manage malware or high confidence phish messages that are quarantined, because our data indicates that a user is 30 times more likely to click a malicious link in messages in the junk email folder versus quarantine.

 

Rolling out these secure by default changes

We’ve taken a very deliberate approach to rolling out these changes in phases to ensure customers are not surprised and there are no negative side effects. We began to rollout Secure by Default for high confidence phishing messages by the override type starting in December of last year.

Today, we’re at a point in our Secure by Default journey where the following overrides are not honored for malicious emails (malware or high confidence phish emails):

 

  • Allowed sender lists or allowed domain lists (anti-spam policies)
  • Outlook Safe Senders
  • IP Allow List (connection filtering)

 

In addition, all malicious emails are delivered to quarantine by default.

Learn more about how we are keeping customers secure by visiting our documentation.

 

The Next Phase of Secure by Default rollout – Tackling transport rules

In August, we will extend Secure by Default to cover high confidence phishing messages for the remaining legacy override type, Exchange mail flow rules (also known as transport rules or ETRs).

 

ETRs represent roughly 60% of the high confidence phish message override volume we see, making this phase essential in achieving our Secure by Default goal for customers. For more on ETRs, check out our documentation on mail flow rules.

 

While ETRs represent a large problem space, it is complicated by the fact that customers and vendors have come to rely on it as a way to achieve two specific scenarios where the ‘override’ of malicious messages is quite deliberate and intentional.

 

  1. Phish simulation campaigns: These are messages that Defender for Office 365 routinely detects as being malicious, so customers put ETR rules in place to direct the system to not block delivery of these messages to end users.
  2. Security Operations mailboxes: These are special mailboxes customers setup to support the ability for end users to report malicious emails to SecOps teams.

In both these cases, customers do legitimately want the malicious emails delivered to achieve a very specific business goal.

 

So, in our effort to eliminate the unintentional ETR overrides of malicious emails, we needed to first make sure there was a safe way for customers to achieve the above two goals without having to rely on ETRs as a blunt instrument.

 

Introducing Advanced Delivery for Phishing Simulations and Security Operations Mailboxes

As we covered above, there are special scenarios where security teams may want to explicitly direct that high confidence phish are delivered.

 

  • Third-party phish simulations
  • Security operations mailbox

 

Customers have asked us for a method to explicitly configure message delivery for these scenarios and for the ability to view and filter these messages across our admin experiences. In July, we will launch the new Advanced Delivery capability for these scenarios, providing a method for security admins to explicitly configure for these in-product.

 

Figure 1: Configuring Third-Party Phishing Simulation Campaigns with Advanced Delivery.Figure 1: Configuring Third-Party Phishing Simulation Campaigns with Advanced Delivery.

 

With Advanced Delivery, we will ensure messages configured as part of these scenarios are handled correctly across the product. The protection filters will respect these configurations and not block these messages. And we will also show off these messages with the appropriate annotations in all of the reporting, investigation and security experiences in the product, so security teams and admins are not confused about the true nature of these messages.

 

Since these do not represent a real threat to your organization, we will, for example, not flag the messages as malicious and inadvertently remove them from your inbox, and we’ll skip things like triggering alerts, detonation, and automated investigations. However, admins will have the ability to filter, analyze and understand messages delivered due to these special scenarios.

 

Figure 2: Configuring Security Operations Mailboxes with Advanced Delivery.Figure 2: Configuring Security Operations Mailboxes with Advanced Delivery.

 

It will be important for customers who are utilizing ETRs to configure third-party party phishing simulation campaigns or delivery for security operation mailboxes today to start configuring these with the new Advanced Delivery policy when the feature is launched in July.

After the last phase of Secure by Default is enabled in August, Defender for Office 365 will no longer deliver high confidence phish, regardless of any explicit ETRs.

 

To learn more about the new advanced delivery policy, learn more on Microsoft Docs.

 

Making it easy for customers

This new way of handling phishing simulations from 3rd party vendors and security operations mailboxes is cleaner and offers a great deal of predictability for security teams. We’ve seen numerous occasions where security admins and SecOps members have been stirred into action inadvertently because of lack of clarity in this regard. This new capability above eliminates all that confusion.

 

Most significantly, this feature makes it easier for security and messaging admins to rest assured that their ETR rules cannot impact the protection of their users, and prevents them from having to manually inspect all of their ETR rules (a daunting task) to guarantee that.

 

Stay tuned...

We covered here additional changes we’ve made to help customers understand configuration gaps and the capabilities we’ve launched to eliminate the legacy override problem. In the next blog, we will share details about additional features we are building to further eliminate the configuration gap problem in the case where customers may be unaware of security policy features available to them and have not turned these on.

 

Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum.

49 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-2326280%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2326280%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%26nbsp%3Bwhere%20is%20part%203%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2355509%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2355509%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1096%22%20target%3D%22_blank%22%3E%40Dean%20Gross%3C%2FA%3E%26nbsp%3BWe%20are%20planning%20to%20publish%20part%20three%20in%20June.%20Thanks%20for%20checking%20out%20the%20blog%20series!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2356811%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2356811%22%20slang%3D%22en-US%22%3E%3CP%3ELove%20to%20see%20it.%26nbsp%3B%3CEM%3ESecure%20by%20Default%3C%2FEM%3E%20is%20the%20way%20to%20go.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2361079%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2361079%22%20slang%3D%22en-US%22%3E%3CP%3ERegarding%20Advanced%20Delivery%20and%20third%20party%20phish%20simulations%20-%26nbsp%3B%20Will%20there%20still%20be%20a%20need%20to%20bypass%20safe%20links%2Fsafe%20attachments%20via%20transport%20rule%20for%20these%20applications%20or%20does%20Advanced%20Delivery%20handle%20that%20as%20well%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2361137%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2361137%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F592439%22%20target%3D%22_blank%22%3E%40mtilson%3C%2FA%3E%26nbsp%3BYes%2C%20Advanced%20Delivery%20will%20handle%20this!%20When%20you%20configure%20a%20third-party%20phish%20simulation%20with%20the%20Advanced%20Delivery%20policy%2C%20you%20will%20no%20longer%20need%20to%20manually%20bypass%20Safe%20Links%2F%20Safe%20Attachments%20via%20transport%20rule.%20Advanced%20Delivery%20will%20automatically%20skip%20detonation%20and%20blocking%20of%20URLs%2Fattachments%20for%20messages%20that%20are%20part%20of%20a%20configured%20third-party%20phish%20simulation%20campaign.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2362061%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2362061%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20what%20happens%20to%20our%20current%20ETR's%20we%20use%20in%20Mail%20flow%20rules%3F%20I%20am%20a%20little%20confused%20what%20my%20steps%20need%20to%20be%20not%20to%20cause%20disruption%20to%20what%20policies%20and%20rules%20we%20use%20now.%20Thanks%20for%20any%20additional%20insight.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2362643%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2362643%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1056189%22%20target%3D%22_blank%22%3E%40stevo2360%3C%2FA%3E%26nbsp%3BExisting%20ETRs%20can%20continue%20to%20exist%20or%20be%20used%20but%20after%20the%20last%20phase%20of%20Secure%20by%20Default%20is%20enabled%20(target%3A%20July)%20for%20mail%20flow%20rules%20(ETRs)%2C%20Defender%20for%20Office%20365%3A%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EWill%20no%20longer%20deliver%20messages%20with%20high%20confidence%20phish%20(or%20malware)%20verdicts%2C%20regardless%20of%20any%20explicit%20ETRs.%20These%20messages%20will%20be%20quarantined.%20We%20will%20still%20continue%20to%20honor%20ETRs%20and%20deliver%20messages%20if%20they%20are%20not%20high%20confidence%20phish%20or%20malware%20verdicts.%20Note%3A%20Secure%20by%20default%20does%20not%20apply%20when%20the%20domain's%20MX%20record%20does%20not%20point%20to%20Office%20365%20(third-party%20filter).%3C%2FLI%3E%0A%3CLI%3EWill%20no%20longer%20recommend%20ETRs%20as%20a%20method%20to%20configure%20third-party%20phishing%20simulations%20and%2For%20Security%20Operation%20Mailbox%20message%20delivery.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EWe%20recommend%20that%20mail%20flow%20rules%20that%20were%20specifically%20created%20to%20define%20third-party%20phishing%20simulation%20campaigns%20or%20to%20direct%20messages%20to%20Security%20Operations%20(SecOps)%20mailboxes%20be%20removed%20once%20you%20configure%20your%20third-party%20phishing%20simulation%20and%2For%20SecOps%20Mailboxes%20with%20the%20new%20advanced%20delivery%20policy%20when%20the%20feature%20rolls%20out%20(target%3A%20mid-June).%20Recommend%20completing%20this%20activity%20by%20early%20July%20before%20the%20last%20phase%20of%20Secure%20by%20Default%20is%20enabled.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2391017%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2391017%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EVery%20interesting%20read!%20Can%20you%20help%20me%20understand%20what%20the%20best%20approach%20would%20be%20for%20the%20following%20scenarios%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20We%20have%20some%20system%20mailboxes%20for%20ticketing%20systems%20where%20we%20need%20to%20ensure%20that%20mails%20are%20not%20blocked%20because%20of%20%22Junk%20detection%22%20but%20we%20still%20would%20want%20to%20block%20Spoof%2FPhishing%20mails.%20Right%20now%20the%20only%20real%20option%20seems%20to%20be%20to%20go%20with%20an%20ETR%20and%20set%20the%20SCL%20-1%20which%20is%20allowing%20more%20than%20we%20want%20to.%20Is%20there%20a%20way%20to%20only%20disable%20the%20Junk%20Filter%20to%20avoid%20False%2FPositives%20in%20a%20scenario%20like%20this%20where%20we%20can%20not%20filter%20by%20senders%3F%3CBR%20%2F%3E%3CBR%20%2F%3E2.%20Is%20there%20any%20information%20what%20exactly%20qualifies%20ad%20%22high%20confidence%20phish%22%3F%20Did%20not%20find%20anything%20so%20far.%3CBR%20%2F%3E%3CBR%20%2F%3E3.%20The%20filtering%20stack%20diagram%20is%20great!%26nbsp%3B%20Is%20there%20also%20any%20overview%20which%20parts%20are%20excluded%20for%20example%20when%20setting%20SCL%20-1%20in%20a%20ETR%3F%20Or%20when%20working%20with%20allowed%20IPs%20in%20the%20Connection%20Filter.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2410457%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2410457%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1064677%22%20target%3D%22_blank%22%3E%40BlaaaBlaaBla%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EYou%20can%20create%20a%20custom%20Anti-Spam%20policy%20with%20less%20aggressive%20settings%20for%20Spam%20and%20bulk%20and%20scope%20it%20to%20just%20those%20mailboxes.%3C%2FLI%3E%0A%3CLI%3EHigh%20Confidence%20Phish%20is%20a%20phishing%20message%20that%20could%20take%20malicious%20action%20on%20your%20tenant.%20It's%20not%20something%20that%20is%20just%20annoying%20or%20just%20suspicious%20--%20it's%20a%20message%20that%20we%20know%20is%20malicious%20similar%20to%20malware.%20These%20are%20commonly%20phishing%20emails%20that%20are%20attempting%20to%20harm%20your%20business%20through%20credential%20theft%20or%20business%20email%20compromise.%3C%2FLI%3E%0A%3CLI%3EAfter%20Secure%20by%20Default%20rollout%20is%20completed%2C%20SCL-1%20ETRs%20and%20IP%20allows%20will%20filter%20out%20bulk%20verdict%2C%20spam%20verdict%2C%20spoof%20detection%20verdict%20and%20those%20phishing%20verdicts%20that%20are%20suspicious%20but%20not%20deemed%20malicious.%3C%2FLI%3E%0A%3C%2FOL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2461726%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2461726%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20really%20interested%20about%20this%20part%20%3A%3C%2FP%3E%3CP%3ERolling%20out%20these%20secure%20by%20default%20changes%3C%2FP%3E%3CP%3EWe%E2%80%99ve%20taken%20a%20very%20deliberate%20approach%20to%20rolling%20out%20these%20changes%20in%20phases%20to%20ensure%20customers%20are%20not%20surprised%20and%20there%20are%20no%20negative%20side%20effects.%20We%20began%20to%20rollout%20Secure%20by%20Default%20for%20high%20confidence%20phishing%20messages%20by%20the%20override%20type%20starting%20in%20December%20of%20last%20year.%3C%2FP%3E%3CP%3EToday%2C%20we%E2%80%99re%20at%20a%20point%20in%20our%20Secure%20by%20Default%20journey%20where%20the%20following%20overrides%20are%20not%20honored%20for%20malicious%20emails%20(malware%20or%20high%20confidence%20phish%20emails)%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EAllowed%20sender%20lists%20or%20allowed%20domain%20lists%20(anti-spam%20policies)%3C%2FLI%3E%3CLI%3EOutlook%20Safe%20Senders%3C%2FLI%3E%3CLI%3EIP%20Allow%20List%20(connection%20filtering)%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20this%20mean%2C%20that%20if%20i%20have%20in%20IP%20allow%20list%20or%20allowed%20sender%20a%20domain%2C%20user%20whatever%20and%20Microsoft%20will%20judge%20this%20message%20as%20high%20confidence%20spam%2C%20this%20messages%20will%20be%20quarantined%3F%20or%20did%20I%20misunderstood%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2463462%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2463462%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1061665%22%20target%3D%22_blank%22%3E%40Kubho208%3C%2FA%3E%26nbsp%3BYes%2C%20this%20is%20the%20correct%20understanding%20but%20for%20high%20confidence%20phish%20not%20spam.%20We%20no%20longer%20honor%20IP%20allow%20list%20or%20allowed%20sender%2Fdomain%20in%20the%20case%20of%20high%20confidence%20%3CSTRONG%3Ephish%3C%2FSTRONG%3E%20verdicts%20as%20part%20of%20Secure%20by%20Default.%20The%20message%20will%20be%20quarantined.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2493238%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2493238%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20can%20I%20expect%20to%20see%20the%20Advanced%20Filter%20option%20in%20our%20Tenant%3F%20As%20of%20today%20that%20option%20is%20not%20visible%20in%20the%20location%20that%20is%20stated%20in%20online%20documentation.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2500669%22%20slang%3D%22en-US%22%3EBetreff%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2500669%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20if%20the%20detection%20is%20wrong%20and%20i%20know%20it%20is%20not%20a%26nbsp%3Bhigh%20confidence%20phishing%20attack.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20do%20i%20white%20list%20the%20sender%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2502545%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2502545%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1091760%22%20target%3D%22_blank%22%3E%40Ma-tth%3C%2FA%3E%26nbsp%3BIn%20the%20case%20of%20false%20positives%2C%20admins%20should%20use%20the%20submission%20portal%20to%20report%20messages%20whenever%20they%20believe%20a%20message%20has%20the%20wrong%20verdict%20so%20that%20the%20filter%20can%20improve%20organically.%20You%20can%20also%20continue%20to%20utilize%20the%20overrides%20(ETRs%2C%20user%2Ftenant%20allows%2C%20IP%20allows)%20to%20whitelist%20senders%20but%20we%20will%20no%20longer%20honor%20in%20the%20case%20of%20messages%20we%20believe%20are%20malicious%20(specifically%20malware%20or%20high%20confidence%20phish%20verdicts).%20These%20messages%20will%20be%20quarantined.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAdditional%20details%20on%20admin%20submissions%20and%20quarantined%20messages%20here%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fadmin-submission%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAdmin%20submissions%20-%20Office%20365%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fmanage-quarantined-messages-and-files%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EManage%20quarantined%20messages%20and%20files%20as%20an%20admin%20-%20Office%20365%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2502572%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2502572%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1092209%22%20target%3D%22_blank%22%3E%40ayalalex%3C%2FA%3E%26nbsp%3BYes%2C%20confirming%20that%20Advanced%20Delivery%20will%20be%20available%20for%20all%20SKUs%20(EOP%2C%20MDO%20P1%2C%20MDO%20P2)%20and%20Secure%20by%20Default%20applies%20to%20all%20SKUs%20(EOP%2C%20MDO%20P1%2C%20MDO%20P2)%20as%20well.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2503017%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2503017%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%26nbsp%3Bthank%20you%20for%20these%20informative%20posts%20and%20all%20the%20links%20and%20additional%20info.%20I%20have%20a%20question%20that%20indirectly%20relates%20to%20these%20changes.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20a%20ticketing%20system%20set%20up%20to%20send%20from%20our%20365%20mailboxes%2C%20so%20the%20sender%20address%20looks%20like%20an%20internal%20address%20from%20our%20company.%20The%20ticketing%20system%20uses%20SMTP2GO%20to%20relay%20all%20emails%20sent%20from%20it%2C%20to%20both%20external%20customers%20and%20our%20internal%20users.%26nbsp%3B%20SMTP2GO%20emails%20seem%20to%20be%20automatically%20marked%20as%20High%20Confidence%20Spam%20(%20not%20phish%20)%20by%20the%20spam%20filter%20(%20I%20think%20based%20on%20the%20fact%20that%20their%20origin%20is%20New%20Zealand%20%2F%20outside%20our%20country%20)%2C%20so%20the%20filter%20wants%20to%20send%20them%20to%20Junk.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20an%20ETR%20which%20bypasses%20the%20spam%20filter%20based%20on%20the%20specific%20IP%20addresses%20that%20SMTP2GO%20uses.%20As%20I%20understand%2C%20this%20particular%20ETR%20will%20not%20be%20affected%20by%20these%20changes%20because%20it's%20for%20spam%2C%20not%20phishing%2C%20however%2C%20I%20wanted%20to%20ask%20if%20we%20should%20be%20doing%20this%20differently%2C%20or%20if%20there's%20a%20way%20to%20migrate%20this%20and%20other%20ETRs%20from%20the%20old%20Exchange%20Admin%20Center%20into%20the%20newer%20365%20Defender%20systems.%20Or%2C%20how%20can%20I%20contribute%20to%20telling%20the%20spam%20filters%20that%20SMTP2GO%20isn't%20automatically%20High%20Confidence%20Spam%3F%20I've%20already%20submitted%20several%20messages%20a%20long%20time%20ago%2C%20and%20it%20continues%20to%20mark%20them%20as%20HCS.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2505399%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2505399%22%20slang%3D%22en-US%22%3E%3CP%3EMost%26nbsp%3B%3CSPAN%3Ethird-party%20phishing%20simulation%20tool%2C%20altering%20reporting%20feature%20in%20outlook%2C%20it%20reports%20to%20them%2C%20instead%20report%20to%20admin%20or%20Microsoft%20engineer%2C%26nbsp%3B%26nbsp%3Bit's%20remove%20default%20options%20dropdown%20%3CJUNK%3E%3CPHISHING%3E%3CNOT%20junk%3D%22%22%3E%3CHELP%3E%3C%2FHELP%3E%3C%2FNOT%3E%3C%2FPHISHING%3E%3C%2FJUNK%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EMy%20understanding%2C%20need%20primarily%26nbsp%3Bthe%20default%20%22%20Report%20Message%22%20option%20and%20need%20combine%20third-party%26nbsp%3Breporting%20mechanism%26nbsp%3Bfor%26nbsp%3B%26nbsp%3Banalytics%26nbsp%3Bwith%20that%20toll.%20Is%20there%20a%20any%20settings%20we%20have%20to%20configure%20at%20Tennent%26nbsp%3Blevel.%20(something%20like%20integrate%26nbsp%3Bboth%20option%20from%20backend)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2509054%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2509054%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1003813%22%20target%3D%22_blank%22%3E%40Km_MSN%3C%2FA%3E%26nbsp%3BTo%20learn%20about%20settings%20you%20can%20configure%20in%20regards%20to%20your%20question%2C%20please%20see%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fuser-submission%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EUser%20reported%20message%20settings%20-%20Office%20365%20%7C%20Microsoft%20Docs%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2509110%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2509110%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20Saini%2C%20worth%20to%20have%20a%20option%20add%20mailbox%20from%20outside%20%22%3CSTRONG%3EMy%20organization's%20mailbox%22%2C%20%3C%2FSTRONG%3Ewhich%20can%20use%20analytical%26nbsp%3Bpurpose%20of%26nbsp%3BThird-party%20reporting%20use%20for%20training%20users.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2529460%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2529460%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%26nbsp%3B-%20will%20this%20change%20(blocking%20HPISH%20by%20default%20regardless%20of%20transport%20rule)%20affect%20outbound%20%2F%20internal%20mail%2C%20or%20is%20this%20strictly%20going%20to%20affect%20inbound%20mail%20from%20senders%20outside%20the%20organization.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2530887%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2530887%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F361660%22%20target%3D%22_blank%22%3E%40Rotshak%3C%2FA%3E%26nbsp%3BSecure%20by%20Default%20applies%20to%20inbound%20mail.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2531558%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2531558%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20a%20bit%20worried%20about%20this%20change%20and%20the%20timing.%20Our%20tenant%20still%20doesn't%20have%20the%20'Advanced%20Delivery'%20option%20available%2C%20and%20the%20'%3CSPAN%3ENew-SecOpsOverridePolicy'%20command%20isn't%20included%20in%20the%26nbsp%3BSecurity%20%26amp%3B%20Compliance%20Center%20PowerShell%20module%20version%202.0.5%20(latest%20version%20online)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESo%20that%20leaves%20us%20with%20no%20option%20to%20prepare%20for%20this%20upcoming%20change%20during%20summer%20break.%20I'm%20leaving%20for%20PTO%20now%2C%20and%20hope%20this%20won't%20break%20our%20SecOps%20mailboxes%20over%20the%20course%20of%20my%20holiday%2C%20and%20the%20service%20we%20offer%20to%20our%20customers.%20Hopefully%20we'll%20get%20enough%20time%20to%20implement.%20ETA%20is%20august%3F%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2533220%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2533220%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1099413%22%20target%3D%22_blank%22%3E%40Tomsan%3C%2FA%3E%26nbsp%3BWe%20appreciate%20your%20patience.%20We%20are%20targeting%20worldwide%20release%20of%20Advanced%20Delivery%20by%20the%20end%20of%20July.%20Once%20Advanced%20Delivery%20is%20released%20(based%20on%20actual%20date)%2C%20we%20will%20ensure%20customers%20have%204%20weeks%20to%20complete%20migration%20to%20the%20new%20feature%20before%20we%20start%20the%20rollout%20of%20Secure%20by%20Default%20for%20ETRs.%20Based%20on%20the%20current%20estimate%20for%20Advanced%20Delivery%2C%20this%20means%20we%20will%20start%20rollout%20of%20Secure%20by%20Default%20end%20of%20August%20and%20complete%20in%20September.%20We%20are%20keeping%20the%20following%20message%20center%20posts%20updated%20with%20timeline%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EMC256473%2C%3C%2FSTRONG%3E%20(Updated)%20Microsoft%20Defender%20for%20Office%20365%3A%20Introducing%20Advanced%20Delivery%20for%20Phishing%20Simulations%20and%20SecOps%20Mailboxes%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EMC265759%2C%3C%2FSTRONG%3E%20(Updated)%20Microsoft%20Defender%20for%20Office%20365%3A%20Extending%20Secure%20by%20Default%20for%20Exchange%20Transport%20Rules%20(ETRs)%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2494348%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2494348%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F493434%22%20target%3D%22_blank%22%3E%40BrandonDBC%3C%2FA%3E%26nbsp%3BI%20expect%20customers%20will%20see%20the%20new%20advanced%20delivery%20feature%20in%20their%20tenants%20by%20mid-next%20week.%20I%20have%20submitted%20an%20updated%20to%20communications%20via%20admin%20message%20center%20post%20so%20customers%20get%20the%20updated%20timeline.%20Thanks%20for%20your%20patience!%20Looking%20forward%20to%20getting%20this%20feature%20out%20to%20customers%20soon!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EUPDATE%20(9-July)%3A%20Advanced%20Delivery%20GA%20was%20delayed%20until%20end%20of%20July.%20Thanks%20for%20your%20patience.%20You%20can%20get%20the%20latest%20status%20via%20our%20message%20center%20posts%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EMC256473%2C%3C%2FSTRONG%3E%20(Updated)%20Microsoft%20Defender%20for%20Office%20365%3A%20Introducing%20Advanced%20Delivery%20for%20Phishing%20Simulations%20and%20SecOps%20Mailboxes%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EMC265759%2C%3C%2FSTRONG%3E%20(Updated)%20Microsoft%20Defender%20for%20Office%20365%3A%20Extending%20Secure%20by%20Default%20for%20Exchange%20Transport%20Rules%20(ETRs)%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2595476%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2595476%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20new%20Advanced%20Delivery%20functionality%20finally%20arrived%20in%20my%20tenant%20today.%26nbsp%3B%20However%2C%20I'm%20finding%20that%20the%20configuration%20options%20are%20not%20sufficient.%26nbsp%3B%20We%20use%20the%20Proofpoint%20Security%20Awareness%20Training%20module%20(formerly%20Wombat).%26nbsp%3B%20Their%20official%20documentation%20lists%202%20IP%20addresses%20and%20137%20domains.%26nbsp%3B%20However%2C%20your%20configuration%20only%20allows%20for%20adding%20up%20to%2010%20domains.%26nbsp%3B%20Am%20I%20missing%20something%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20testing%20shows%20that%20without%20listing%20the%20domain%20being%20used%20in%20the%20simulation%20email%20the%20simulated%20phish%20is%20quarantined.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20seems%20to%20be%20a%20big%20gap%20that%20needs%20a%20solution.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2597889%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2597889%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20the%20same%20issue%20as%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1115964%22%20target%3D%22_blank%22%3E%40Trey_Contello%3C%2FA%3E.%20We%20should%20either%20be%20able%20to%20enter%20all%20the%20domains%20or%20enter%20only%20the%20IPs.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2597898%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2597898%22%20slang%3D%22en-US%22%3E%3CP%3ELooks%20like%20improvement%20coming%20in%20September%20to%20use%20the%20DKIM%20domain%20that%20can%20help%20address%20the%20domain%20limitation.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%22%3CSPAN%3EMicrosoft%20Defender%20for%20Office%20365%3A%20DomainKeys%20Identified%20Mail%20(DKIM)%20support%20for%20Advanced%20Delivery%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22c-paragraph-3%22%3EWe're%20adding%20support%20for%20DomainKeys%20Identified%20Mail%20(DKIM)%20domains%20to%20our%20advanced%20delivery%20feature%2C%20enabling%20administrators%20to%20use%20DKIM%20domains%20in%20addition%20to%20sending%20domains%20to%20configure%20their%20third-party%20phishing%20simulations.%22%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffilters%3D%26amp%3Bsearchterms%3Ddkim%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20365%20Roadmap%20%7C%20Microsoft%20365%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2601843%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2601843%22%20slang%3D%22en-US%22%3E%3CP%3EReferring%20to%20Configure%20third-party%20phishing%20simulations%20in%20the%20advanced%20delivery%20policy%3B%20like%20Cofense%20Phish%20ME%20simulation%20having%20over%20100%20sending%20domains.%20But%20here%20we%20can%20add%20up%20to%2010%20entries.%20Do%20we%20have%20any%20other%20option%20here%2C%20including%20X-ID%20field%20scanning%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2606586%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2606586%22%20slang%3D%22en-US%22%3E%3CP%3EI%20just%20read%20through%20the%20DKIM%20Support%20for%20Advanced%20Delivery%20article.%26nbsp%3B%20It%20sounds%20like%20it%20will%20address%20the%20issue.%26nbsp%3B%20However%2C%20I'm%20curious%20about%20the%20timing.%26nbsp%3B%20As%20stated%20above%26nbsp%3B%22%3CSPAN%3Ein%20our%20effort%20to%20eliminate%20the%20unintentional%20ETR%20overrides%20of%20malicious%20emails%2C%20we%20needed%20to%20first%20make%20sure%20there%20was%20a%20safe%20way%20for%20customers%20to%20achieve%20the%20above%20two%20goals%20without%20having%20to%20rely%20on%20ETRs%20as%20a%20blunt%20instrument.%22%26nbsp%3B%20As%20of%20now%2C%20it%20does%20not%20seem%20to%20me%20that%20Microsoft%20has%20achieved%20that%20requirement.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20DKIM%20Support%20for%20Advanced%20Delivery%20is%20not%20available%20when%20ETR's%20are%20removed%2C%20then%20my%20understanding%20is%20that%20Microsoft%20will%20be%20sabotaging%20the%20ability%20of%20customers%20to%20run%20simulated%20Phishing%20campaigns.%26nbsp%3B%20It%20is%20commendable%20that%20there%20will%20be%20a%20solution%20in%20the%20future.%26nbsp%3B%20Will%20it%20arrive%20before%20my%20simulated%20phishing%20campaigns%20are%20crippled%3F%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20appreciate%20Microsoft's%20efforts%20here%2C%20but%20is%20Microsoft%20working%20with%20the%20vendors%20that%20provide%20solutions%20in%20this%20space%20to%20provide%20clear%20documentation%20and%20information%20to%20their%20customers%3F%26nbsp%3B%20I'm%20referring%20to%20Knowbe4%2C%20Proofpoint%2C%20Cofense%2C%20etc.%26nbsp%3B%20Do%20those%20vendors%20have%20updated%20KB's%20posted%20on%20their%20support%20sites%20telling%20customers%20how%20do%20deal%20with%20this%20change%3F%26nbsp%3B%20It%20seems%20a%20bit%20obvious%20that%20Microsoft%20should%20be%20taking%20the%20lead%20here%2C%20but%20I'm%20not%20finding%20any%20vendor%20specific%20documentation%20dealing%20with%20this%20change%20anywhere.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20would%20appreciate%20Microsoft%20updating%20us%20on%20this%20question%2Fissue.%26nbsp%3B%20As%20an%20MSP%2C%20I%20run%20a%20lot%20of%20Phishing%20simulations%20with%20a%20lot%20of%20Office%20365%20customers%2C%20and%20don't%20want%20to%20be%20crippled%20because%20Microsoft's%20%22solution%22%20does%20not%20meet%20the%20needs%20of%20their%20customers.%26nbsp%3B%20Anything%20to%20contribute%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2607247%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2607247%22%20slang%3D%22en-US%22%3E%3CP%3ESo%2C%20my%20understanding%20is%20that%20we're%20going%20to%20be%20in%20a%20bit%20of%20a%20bind%20due%20to%20this%20change.%26nbsp%3B%20The%20vendors%20have%20not%20yet%20released%20any%20updated%20documentation.%26nbsp%3B%20So%20I%20can't%20load%20the%20137%20domains%20that%20I%20need%20to%20load%20because%20of%20the%20limitation%20of%2010.%26nbsp%3B%20The%20workaround%20DKIM%20solution%20won't%20be%20ready%20for%20a%20couple%20of%20months%20yet%2C%20and%20then%20will%20be%20useful%20only%20if%20it%20is%20adopted%20and%20enabled%20by%20the%20vendors.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThat%20leaves%20us%20MSP's%20and%20our%20customers%20stuck%20in%20the%20middle%20with%20no%20real%20solution.%26nbsp%3B%20Or%20am%20I%20missing%20something%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20anything%20more%20you%20can%20share%3F%26nbsp%3B%20Are%20the%20vendors%20that%20you%20partnered%20with%20aware%20of%20this%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2607446%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2607446%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1119641%22%20target%3D%22_blank%22%3E%40TreyContello%3C%2FA%3E%26nbsp%3B%3CSPAN%3ERecommend%20reaching%20out%20the%20phishing%20simulation%20vendor%20for%20updated%20guidance.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3EWe%20have%20provided%20this%20guidance%20to%20the%20phishing%20simulation%20vendors%20as%20mentioned%20above%20and%20are%20open%20to%20working%20with%20them%20to%20build%20out%20the%20guidance.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2626743%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2626743%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EThank%20you%20for%20your%20articles%20on%20this%20feature.%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20few%20follow%20up%20questions%20in%20regards%20to%20this%20feature%20working%20with%20third%20party%20mail%20filters.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-In%20the%20documentation%20it%20mentions%20setting%20up%20Enhanced%20Filtering%20for%20connectors%26nbsp%3B(also%20known%20as%20skip%20listing).%20Will%20this%20advanced%20delivery%20feature%20work%20if%20skip%20listing%20has%20been%20implemented%20correctly%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E-%20The%20documentation%20also%20goes%20on%20to%20say%20%22%3CSPAN%3EIf%20you%20don't%20want%20Enhanced%20Filtering%20for%20Connectors%2C%20use%20mail%20flow%20rules%20(also%20known%20as%20transport%20rules)%20to%20bypass%20Microsoft%20filtering%20for%20messages%20that%20have%20already%20been%20evaluated%20by%20third-party%20filtering.%22%20My%20understanding%20is%20that%20ETR%2Fmail%20flow%20rules%20will%20become%20legacy%20overrides%20and%20will%20no%20longer%20be%20honored.%20Would%20you%20be%20able%20to%20clarifying%20the%20reason%20they%20were%20mentioned%20here%20in%20the%20documentation%3F%26nbsp%3B%26nbsp%3B%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Lastly%2C%20when%20will%20the%20existing%20ETR%20stop%20functioning%20or%20when%20would%20you%20be%20able%20to%20confirmation%20a%20date%20as%20the%20status%20on%20the%20road%20map%20currently%20says%20'rolling%20out'%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20in%20advanced%20for%20your%20response!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2628190%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2628190%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%26nbsp%3BI%20have%20similar%20concerns%20as%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1123692%22%20target%3D%22_blank%22%3E%40Ian_Finn%3C%2FA%3E.%20We%20have%20customers%20using%20Proofpoint%20in%20front%20of%20EXO%20%2F%20Defender%20and%20have%20configured%20Enhanced%20Filtering%20for%20them.%20The%20way%20I%20understand%20it%2C%20the%20new%20Advanced%20Delivery%20%2F%20Secure%20by%20Default%20features%20will%20potentially%26nbsp%3B%20junk%20%2F%20quarantine%20emails%20that%20hit%20ETRs%20that%20were%20created%20for%20Proofpoint.%20Is%20the%20recommendation%20to%20disable%20Enhanced%20Filtering%20in%20these%20scenarios%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2628203%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2628203%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1123692%22%20target%3D%22_blank%22%3E%40Ian_Finn%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EYes%2C%20Advanced%20Delivery%20will%20work%20regardless%20of%20skip%20listing%20or%20where%20mx%20record%20points.%3C%2FLI%3E%0A%3CLI%3EThis%20is%20the%20case%20where%20a%20customer%20is%20utilizing%20a%20third-party%20filter%20and%20does%20not%20want%20to%20apply%20Microsoft%20Defender%20for%20Offic%20365%20filtering.%20If%20your%20domain's%20MX%20record%20doesn't%20point%20to%20Office%20365%20(messages%20are%20routed%20somewhere%20else%20first)%2C%20Secure%20by%20Default%20will%20not%20apply%20and%20the%20ETRs%20will%20continued%20to%20be%20honored.%3C%2FLI%3E%0A%3CLI%3EPlease%20note%2C%20ETRs%20will%20continue%20to%20be%20available%20and%20function%20as%20intended%2C%20but%20in%20the%20case%20of%20high%20confidence%20phish%20verdicts%2C%20those%20messages%20will%20be%20sent%20to%20quarantine.%20ETRs%20can%20still%20be%20used%20as%20previously%20done%20for%20other%20verdicts%20like%20spam%2C%20normal%20confidence%20phish.%26nbsp%3B%3C%2FLI%3E%0A%3C%2FOL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2628383%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2628383%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1009947%22%20target%3D%22_blank%22%3E%40MatthewSilcox%3C%2FA%3E%26nbsp%3BWe%20still%20recommend%20enabling%20Enhanced%20Filtering.%20This%20connector%20setting%20helps%20us%20undersatnd%20that%20there%20is%20another%203rd%20party%20filter%20between%20us%20and%20the%20the%20sender.%20Please%20see%20my%20comments%20above.%20Advanced%20Delivery%20is%20still%20available%20in%20the%20example%20you%20mentioned.%20Also%20note%2C%20Secure%20by%20Default%20will%20not%20apply%20if%20their%20MX%20record%20does%20not%20point%20to%20Office%20365.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2633302%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2633302%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1123692%22%20target%3D%22_blank%22%3E%40Ian_Finn%3C%2FA%3E%26nbsp%3BYes%2C%20confirming%20advanced%20delivery%20is%20available%20regardless%20of%20any%20third%20party%20filtering%20or%20where%20MX%20record%20points.%20You%20would%20just%20need%20to%20configure%20settings%20in%20the%20new%20advanced%20delivery%20policy%20for%20you%20third-party%20phishing%20simulation%20or%20delivery%20for%20a%20security%20operation%20mailbox.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMx%20record%20only%20matters%20for%20Secure%20by%20Default.%20Secure%20by%20Default%20only%20applies%20when%20Mx%20record%20points%20to%20Office%20365.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2307134%22%20slang%3D%22en-US%22%3EMastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2307134%22%20slang%3D%22en-US%22%3E%3CP%3E%3CEM%3EThis%20blog%20is%20part%20two%20of%20a%20three-part%20series%20detailing%20the%20journey%20we%E2%80%99re%20on%20to%20simplify%20the%20configuration%20of%20threat%20protection%20capabilities%20in%20Office%20365%20to%20enable%20best-in%20class%20protection%20for%20our%20customers.%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-office%2Fmastering-configuration-in-defender-for-office-365-part-one%2Fba-p%2F2300064%22%20target%3D%22_blank%22%3Eprevious%20blog%3C%2FA%3E%20in%20this%20series%2C%20we%20described%20how%20we%20have%20made%20it%20easier%20for%20customers%20to%20understand%20configurations%20gaps%20in%20their%20environment%20with%20recently%20launched%20features%20including%20Preset%20Security%20Policies%2C%20Configuration%20Analyzer%2C%20and%20Override%20Alerts.%20In%20this%20blog%2C%20we%E2%80%99ll%20take%20a%20closer%20look%20at%20additional%20capabilities%20we%20are%20enabling%20in%20the%20product%20as%20we%20continue%20forward%20on%20our%20journey%20to%20block%20malicious%20emails%20from%20being%20delivered%20to%20end%20users.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3ENote%3A%20This%20blog%20has%20been%20updated%20to%20reflect%20changes%20to%20release%20dates.%20%3C%2FPRE%3E%0A%3CH2%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%20id%3D%22toc-hId--471488850%22%3E%26nbsp%3B%3C%2FH2%3E%0A%3CH2%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%20id%3D%22toc-hId-2016023983%22%3ESecure%20by%20Default%3A%20Tackling%20the%20Legacy%20Override%20Problem%3C%2FH2%3E%0A%3CP%3EOne%20of%20the%20challenges%20we%20are%20addressing%20is%20the%20legacy%20override%20problem.%20As%20we%20covered%20in%20the%20first%20blog%2C%20legacy%20overrides%20are%20tenant%20level%20or%20user%20level%20configuration%20that%20instruct%20Office%20365%20to%20deliver%20mail%20even%20when%20the%20system%20has%20determined%20that%20the%20message%20is%20suspicious%20or%20contains%20malicious%20content.%20As%20a%20result%20of%20these%20aging%20and%20overly%20permissive%20overrides%2C%20we%20get%20poorly%20protected%20pockets%20with%20the%20organization%20and%20enable%20malicious%20emails%20to%20be%20delivered%20to%20end%20users.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20combat%20this%2C%20we%20here%20at%20Microsoft%20believe%20it%E2%80%99s%20critical%20to%20keep%20our%20customers%20%E2%80%9Csecure%20by%20default%E2%80%9D.%20We%20have%20determined%20that%20legacy%20overrides%20such%20as%20allowed%20sender%20and%20allowed%20domain%20lists%20in%20anti-spam%20policies%20and%20Safe%20Senders%20in%20Outlook%20tend%20to%20be%20too%20broad%20and%20cause%20more%20harm%20than%20good.%20As%20a%20security%20service%2C%20we%20believe%20it%E2%80%99s%20imperative%20that%20we%20act%20on%20your%20behalf%20to%20prevent%20your%20users%20from%20being%20compromised.%20%3CSTRONG%3EThat%20means%20these%20legacy%20overrides%20are%20no%20longer%20honored%20for%20email%20messages%20we%20believe%20are%20malicious%3C%2FSTRONG%3E.%20We%20already%20apply%20this%20approach%20with%20malware%20messages%20and%20now%20we%20are%20extending%20it%20to%20messages%20with%20high%20confidence%20phish%20verdicts.%20Our%20data%20also%20indicates%20that%20the%20false%20positive%20rate%20(good%20messages%20marked%20as%20bad)%20for%20high%20confidence%20phishing%20messages%20is%20extremely%20low%2C%20adding%20to%20our%20conviction%20about%20this%20approach.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20feels%20like%20a%20critical%20step%2C%20given%20how%20dangerous%20and%20voluminous%20phishing%20messages%20have%20become.%20To%20learn%20more%20about%20the%20current%20threat%20landscape%2C%20please%20check%20out%20our%20annual%20security%20intelligence%20report%2C%20the%20%3CA%20href%3D%22https%3A%2F%2Fquery.prod.cms.rt.microsoft.com%2Fcms%2Fapi%2Fam%2Fbinary%2FRWxPuf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Digital%20Defense%20Report%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%20id%3D%22toc-hId-208569520%22%3EEnsuring%20that%20users%20cannot%20interact%20with%20malicious%20emails%3C%2FH2%3E%0A%3CP%3EAs%20part%20of%20our%20secure%20by%20default%20focus%2C%20we%E2%80%99ve%20also%20taken%20additional%20steps%20to%20eliminate%20the%20risk%20of%20email%20borne%20threats.%20Essentially%2C%20when%20Microsoft%20is%20confident%20that%20an%20email%20contains%20malicious%20content%2C%20we%20will%20not%20deliver%20the%20message%20to%20users%2C%20regardless%20of%20tenant%20configuration.%20These%20messages%20will%20be%20delivered%20to%20quarantine%2C%20not%20the%20junk%20folder.%20(In%20the%20junk%20folder%2C%20there%20is%20always%20the%20risk%20that%20the%20user%20might%20inadvertently%20release%20them%20to%20the%20inbox).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnly%20admins%20can%20manage%20malware%20or%20high%20confidence%20phish%20messages%20that%20are%20quarantined%2C%20because%20our%20data%20indicates%20that%20a%20user%20is%2030%20times%20more%20likely%20to%20click%20a%20malicious%20link%20in%20messages%20in%20the%20junk%20email%20folder%20versus%20quarantine.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%20id%3D%22toc-hId--1598884943%22%3ERolling%20out%20these%20secure%20by%20default%20changes%3C%2FH2%3E%0A%3CP%3EWe%E2%80%99ve%20taken%20a%20very%20deliberate%20approach%20to%20rolling%20out%20these%20changes%20in%20phases%20to%20ensure%20customers%20are%20not%20surprised%20and%20there%20are%20no%20negative%20side%20effects.%20We%20began%20to%20rollout%20Secure%20by%20Default%20for%20high%20confidence%20phishing%20messages%20by%20the%20override%20type%20starting%20in%20December%20of%20last%20year.%3C%2FP%3E%0A%3CP%3EToday%2C%20we%E2%80%99re%20at%20a%20point%20in%20our%20Secure%20by%20Default%20journey%20where%20the%20following%20overrides%20are%20not%20honored%20for%20malicious%20emails%20(malware%20or%20high%20confidence%20phish%20emails)%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAllowed%20sender%20lists%20or%20allowed%20domain%20lists%20(anti-spam%20policies)%3C%2FLI%3E%0A%3CLI%3EOutlook%20Safe%20Senders%3C%2FLI%3E%0A%3CLI%3EIP%20Allow%20List%20(connection%20filtering)%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20addition%2C%20all%20malicious%20emails%20are%20delivered%20to%20quarantine%20by%20default.%3C%2FP%3E%0A%3CP%3ELearn%20more%20about%20how%20we%20are%20keeping%20customers%20secure%20by%20visiting%20our%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fsecure-by-default%3Fview%3Do365-worldwide%23%3A~%3Atext%3DSecurity%252FSecOps%2520mailboxes%253A%2520dedicated%2520mailboxes%2520used%2520by%2520security%2520teams%2Cthe%2520third-party%2520filter%2520will%2520manage%2520the%2520mail%2520filtering.%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Edocumentation%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%20id%3D%22toc-hId-888627890%22%3EThe%20Next%20Phase%20of%20Secure%20by%20Default%20rollout%20%E2%80%93%20Tackling%20transport%20rules%3C%2FH2%3E%0A%3CP%3EIn%20August%2C%20we%20will%20extend%20Secure%20by%20Default%20to%20cover%20high%20confidence%20phishing%20messages%20for%20the%20remaining%20legacy%20override%20type%2C%20Exchange%20mail%20flow%20rules%20(also%20known%20as%20transport%20rules%20or%20ETRs).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EETRs%20represent%20roughly%2060%25%20of%20the%20high%20confidence%20phish%20message%20override%20volume%20we%20see%2C%20making%20this%20phase%20essential%20in%20achieving%20our%20Secure%20by%20Default%20goal%20for%20customers.%20For%20more%20on%20ETRs%2C%20check%20out%20our%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fuse-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Edocumentation%20on%20mail%20flow%20rules%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhile%20ETRs%20represent%20a%20large%20problem%20space%2C%20it%20is%20complicated%20by%20the%20fact%20that%20customers%20and%20vendors%20have%20come%20to%20rely%20on%20it%20as%20a%20way%20to%20achieve%20two%20specific%20scenarios%20where%20the%20%E2%80%98override%E2%80%99%20of%20malicious%20messages%20is%20quite%20deliberate%20and%20intentional.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EPhish%20simulation%20campaigns%3A%20These%20are%20messages%20that%20Defender%20for%20Office%20365%20routinely%20detects%20as%20being%20malicious%2C%20so%20customers%20put%20ETR%20rules%20in%20place%20to%20direct%20the%20system%20to%20not%20block%20delivery%20of%20these%20messages%20to%20end%20users.%3C%2FLI%3E%0A%3CLI%3ESecurity%20Operations%20mailboxes%3A%20These%20are%20special%20mailboxes%20customers%20setup%20to%20support%20the%20ability%20for%20end%20users%20to%20report%20malicious%20emails%20to%20SecOps%20teams.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EIn%20both%20these%20cases%2C%20customers%20do%20legitimately%20want%20the%20malicious%20emails%20delivered%20to%20achieve%20a%20very%20specific%20business%20goal.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESo%2C%20in%20our%20effort%20to%20eliminate%20the%20unintentional%20ETR%20overrides%20of%20malicious%20emails%2C%20we%20needed%20to%20first%20make%20sure%20there%20was%20a%20safe%20way%20for%20customers%20to%20achieve%20the%20above%20two%20goals%20without%20having%20to%20rely%20on%20ETRs%20as%20a%20blunt%20instrument.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%20id%3D%22toc-hId--918826573%22%3EIntroducing%20Advanced%20Delivery%20for%20Phishing%20Simulations%20and%20Security%20Operations%20Mailboxes%3C%2FH2%3E%0A%3CP%3EAs%20we%20covered%20above%2C%20there%20are%20special%20scenarios%20where%20security%20teams%20may%20want%20to%20explicitly%20direct%20that%20high%20confidence%20phish%20are%20delivered.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EThird-party%20phish%20simulations%3C%2FLI%3E%0A%3CLI%3ESecurity%20operations%20mailbox%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECustomers%20have%20asked%20us%20for%20a%20method%20to%20explicitly%20configure%20message%20delivery%20for%20these%20scenarios%20and%20for%20the%20ability%20to%20view%20and%20filter%20these%20messages%20across%20our%20admin%20experiences.%20In%20July%2C%20we%20will%20launch%20the%20new%20Advanced%20Delivery%20capability%20for%20these%20scenarios%2C%20providing%20a%20method%20for%20security%20admins%20to%20explicitly%20configure%20for%20these%20in-product.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22phishsim2.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F276863i7CE5E8AFACFDE751%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22phishsim2.png%22%20alt%3D%22Figure%201%3A%20Configuring%20Third-Party%20Phishing%20Simulation%20Campaigns%20with%20Advanced%20Delivery.%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EFigure%201%3A%20Configuring%20Third-Party%20Phishing%20Simulation%20Campaigns%20with%20Advanced%20Delivery.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWith%20Advanced%20Delivery%2C%20we%20will%20ensure%20messages%20configured%20as%20part%20of%20these%20scenarios%20are%20handled%20correctly%20across%20the%20product.%20The%20protection%20filters%20will%20respect%20these%20configurations%20and%20not%20block%20these%20messages.%20And%20we%20will%20also%20show%20off%20these%20messages%20with%20the%20appropriate%20annotations%20in%20all%20of%20the%20reporting%2C%20investigation%20and%20security%20experiences%20in%20the%20product%2C%20so%20security%20teams%20and%20admins%20are%20not%20confused%20about%20the%20true%20nature%20of%20these%20messages.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESince%20these%20do%20not%20represent%20a%20real%20threat%20to%20your%20organization%2C%20we%20will%2C%20for%20example%2C%20not%20flag%20the%20messages%20as%20malicious%20and%20inadvertently%20remove%20them%20from%20your%20inbox%2C%20and%20we%E2%80%99ll%20skip%20things%20like%20triggering%20alerts%2C%20detonation%2C%20and%20automated%20investigations.%20However%2C%20admins%20will%20have%20the%20ability%20to%20filter%2C%20analyze%20and%20understand%20messages%20delivered%20due%20to%20these%20special%20scenarios.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22secops%20mbx.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F276862i66A06173C47A4684%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22secops%20mbx.png%22%20alt%3D%22Figure%202%3A%20Configuring%20Security%20Operations%20Mailboxes%20with%20Advanced%20Delivery.%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EFigure%202%3A%20Configuring%20Security%20Operations%20Mailboxes%20with%20Advanced%20Delivery.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%20will%20be%20important%20for%20customers%20who%20are%20utilizing%20ETRs%20to%20configure%20third-party%20party%20phishing%20simulation%20campaigns%20or%20delivery%20for%20security%20operation%20mailboxes%20today%20to%20start%20configuring%20these%20with%20the%20new%20Advanced%20Delivery%20policy%20when%20the%20feature%20is%20launched%20in%20July.%3C%2FP%3E%0A%3CP%3EAfter%20the%20last%20phase%20of%20Secure%20by%20Default%20is%20enabled%20in%20August%2C%20Defender%20for%20Office%20365%20will%20no%20longer%20deliver%20high%20confidence%20phish%2C%20regardless%20of%20any%20explicit%20ETRs.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20learn%20more%20about%20the%20new%20advanced%20delivery%20policy%2C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fconfigure-advanced-delivery%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Elearn%20more%20on%20Microsoft%20Docs.%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%20id%3D%22toc-hId-1568686260%22%3EMaking%20it%20easy%20for%20customers%3C%2FH2%3E%0A%3CP%3EThis%20new%20way%20of%20handling%20phishing%20simulations%20from%203%3CSUP%3Erd%3C%2FSUP%3E%20party%20vendors%20and%20security%20operations%20mailboxes%20is%20cleaner%20and%20offers%20a%20great%20deal%20of%20predictability%20for%20security%20teams.%20We%E2%80%99ve%20seen%20numerous%20occasions%20where%20security%20admins%20and%20SecOps%20members%20have%20been%20stirred%20into%20action%20inadvertently%20because%20of%20lack%20of%20clarity%20in%20this%20regard.%20This%20new%20capability%20above%20eliminates%20all%20that%20confusion.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMost%20significantly%2C%20this%20feature%20makes%20it%20easier%20for%20security%20and%20messaging%20admins%20to%20rest%20assured%20that%20their%20ETR%20rules%20cannot%20impact%20the%20protection%20of%20their%20users%2C%20and%20prevents%20them%20from%20having%20to%20manually%20inspect%20all%20of%20their%20ETR%20rules%20(a%20daunting%20task)%20to%20guarantee%20that.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%20id%3D%22toc-hId--238768203%22%3EStay%20tuned...%3C%2FH2%3E%0A%3CP%3EWe%20covered%20here%20additional%20changes%20we%E2%80%99ve%20made%20to%20help%20customers%20understand%20configuration%20gaps%20and%20the%20capabilities%20we%E2%80%99ve%20launched%20to%20eliminate%20the%20legacy%20override%20problem.%20In%20the%20next%20blog%2C%20we%20will%20share%20details%20about%20additional%20features%20we%20are%20building%20to%20further%20eliminate%20the%20configuration%20gap%20problem%20in%20the%20case%20where%20customers%20may%20be%20unaware%20of%20security%20policy%20features%20available%20to%20them%20and%20have%20not%20turned%20these%20on.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EDo%20you%20have%20questions%20or%20feedback%20about%20Microsoft%20Defender%20for%20Office%20365%3F%20Engage%20with%20the%20community%20and%20Microsoft%20experts%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMDOForum%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EDefender%20for%20Office%20365%20forum%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2307134%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EThis%20blog%20is%20part%20two%20of%20a%20three-part%20series%20on%20simplifying%20configuration%20of%20threat%20protection%20in%20Office%20365.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22config%20teaser%202.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F276864i0F9174C4C07255EC%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22config%20teaser%202.png%22%20alt%3D%22config%20teaser%202.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2307134%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAwareness%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EConfiguration%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMastering%20Configuration%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPrevention%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecure%20Posture%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2674020%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2674020%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20that%20confirmation.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20testing%20this%20in%20environments%20with%20a%20third%20party%20filter%2C%20it%20seems%20that%20some%20emails%20are%20still%20being%20scanned.%20Is%20there%20any%20way%20to%20identify%2Fconfirm%20if%20Advanced%20Delivery%20is%20being%20applied%3F%20Previously%20with%20mail%20flow%20rules%20you%20could%20determine%20this%20through%20the%20message%20events.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIs%20there%20is%20set%20date%20for%20when%20ETRs%20will%20no%20longer%20deliver%26nbsp%3Bcase%20of%20high%20confidence%20phish%20verdicts%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2630027%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2630027%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJust%20to%20clarify%2C%20you%20said%20advanced%20delivery%20works%20regardless%20of%20skip%20listing%20or%20where%20mx%20record%20points.%20Does%20that%20mean%20this%20feature%20will%20work%20with%20any%20third-party%20filter%20without%20additional%20configuration%3F%26nbsp%3B%3CSPAN%3EI%20would%20just%20like%20to%20know%20exactly%20what%20options%20are%20available%20to%20have%20Advanced%20Delivery%20function%20correctly%20with%20third-party%20filters.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20understanding%20was%20one%20of%20the%20below%20options%20were%20required%20but%20it%20would%20be%20great%20if%20you%20could%20confirm.%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20Have%20your%20domain%20MX%20record%20point%20to%20Office365%3C%2FP%3E%3CP%3E2.%26nbsp%3BSet%20up%26nbsp%3B%3CSPAN%3EEnhanced%20Filtering%20for%20connectors%26nbsp%3B(skip%20listing)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20again!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2717084%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2717084%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%26nbsp%3BI%20use%20a%20phishing%20simulation%20solution%20that%20use%20over%20130%20domains%20that%20they%20own%20and%20are%20individually%20DKIM%20registered%2C%20will%20this%20new%20DKIM%20functionality%20allow%20me%20to%20whitelist%20all%20domains%20or%20just%20the%2010%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2728190%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2728190%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%26nbsp%3Bhave%20you%20had%20the%20chance%20to%20look%20into%20my%20query%2C%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2607016%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2607016%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22lia-spoiler-container%22%3E%3CA%20class%3D%22lia-spoiler-link%22%20href%3D%22%23%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ESpoiler%3C%2FA%3E%3CNOSCRIPT%3E(Highlight%20to%20read)%3C%2FNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-border%22%3E%3CDIV%20class%3D%22lia-spoiler-content%22%3EEdit%3A%209%2F10%2F21.%20To%20clarify%2C%20partner%20outreach%20to%20%3CSTRONG%3Eseveral%3C%2FSTRONG%3E%20major%20phishing%20simulation%20vendors%20was%20complete%20(not%20all).%20We%20will%20continue%20to%20evaluate%20solution%20and%20are%20open%20to%20engaging%20with%20phishing%20simulation%20vendors%20on%20their%20phishing%20simulation%20solution%20and%20how%20to%20best%20configure%20with%20Defender%20for%20Office%20for%20their%20customers.%3C%2FDIV%3E%3CNOSCRIPT%3E%3CDIV%20class%3D%22lia-spoiler-noscript-container%22%3E%3CDIV%20class%3D%22lia-spoiler-noscript-content%22%3EEdit%3A%209%2F10%2F21.%20To%20clarify%2C%20partner%20outreach%20to%20several%20major%20phishing%20simulation%20vendors%20was%20complete%20(not%20all).%20We%20will%20continue%20to%20evaluate%20solution%20and%20are%20open%20to%20engaging%20with%20phishing%20simulation%20vendors%20on%20their%20phishing%20simulation%20solution%20and%20how%20to%20best%20configure%20with%20Defender%20for%20Office%20for%20their%20customers.%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FNOSCRIPT%3E%3C%2FDIV%3E%3C%2FDIV%3E%0A%3CP%3EHello%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1119641%22%20target%3D%22_blank%22%3E%40TreyContello%3C%2FA%3E%20--%20Yes%2C%20Microsoft%20has%20worked%20with%20vendors%20across%20the%20industry%20in%20preparation%20for%20the%20release%20of%20Advanced%20Delivery.%20We%20provided%20pre-release%20documentation%20to%20%3CSTRIKE%3Eall%3C%2FSTRIKE%3E%20several%26nbsp%3Bmajor%20phishing%20simulation%20vendors%20and%20we%20invited%20them%20to%20meet%20with%20us%20and%20provide%20feedback.%20This%20allowed%20for%20design%20feedback%20as%20well%20as%20provided%20the%20phishing%20simulation%20vendors%20with%20time%20to%20plan%20for%20the%20change%20as%20well%20as%20update%20documentation%2Fcommunication%20to%20their%20respective%20customers.%3CBR%20%2F%3E%3CBR%20%2F%3EAs%20noted%20in%20a%20couple%20of%20the%20above%20comments%2C%20we%20are%20adding%20one%20additional%20secure%20option%20for%20phishing%20simulation%20vendors%20-%20the%20ability%20to%20specify%20a%20DKIM%20domain.%20This%20is%20targeted%20to%20roll%20out%20in%20September%20(Please%20see%20M365%20Roadmap%20item%3A%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffilters%3D%26amp%3Bsearchterms%3D82083%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EFeature%20ID%2082083%3C%2FA%3E).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20example%2C%20if%20specifying%2010%20sending%20domains%20doesn%E2%80%99t%20meet%20a%20phishing%20simulation%20vendor's%20needs%2C%20they%20could%20instead%20sign%20all%20of%20their%20messages%20with%20a%20particular%20phishing%20simulation%20vendor%20DKIM%20domain.%20The%20security%20admin%20(end%20user%20customer)%20would%20then%20have%20the%20option%20to%20enter%20either%20sending%20domain%20or%20phish%20sim%20vendor's%20DKIM%20domain%20via%20the%20new%20advanced%20delivery%20policy%20based%20on%20the%20phishing%20simulation%20vendor's%20guidance.%20The%20DKIM%20domain%20creates%20another%20secure%20option%20giving%20customers%20the%20flexibility%20to%20utilize%20sending%20domains%20and%2For%20DKIM%20domains.%20In%20order%20for%20this%20option%20to%20work%2C%20the%20phishing%20simulation%20vendor%20will%20need%20to%20implement%20DKIM%20domain%20in%20their%20phishing%20simulation%20offerings%20to%20customers.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAdding%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F208414%22%20target%3D%22_blank%22%3E%40Jenelle%20Sujat%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1003813%22%20target%3D%22_blank%22%3E%40Km_MSN%3C%2FA%3E%26nbsp%3Bfor%20questions%20along%20similar%20thread%20--%20Confirming%20that%20advanced%20delivery%20requires%20a%20message%20match%20on%20at%20least%201%20sending%20domain%20and%20at%20least%20sending%20IP%20and%20that%20each%20field%20has%20a%20limit%20of%2010%20entries.%20Several%20design%20options%20were%20vetted%20before%20landing%20on%20this%20solution.%20The%20DKIM%20domain%20option%20mentioned%20above%20is%20another%20option%20for%20phishing%20simulation%20vendors%20that%20will%20release%20in%20September.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2740492%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2740492%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F185466%22%20target%3D%22_blank%22%3E%40Simon%20Khera%3C%2FA%3E%2C%26nbsp%3BThe%20DKIM%20domain%20enhancement%20to%20Advanced%20Delivery%20is%20expected%20to%20release%20at%20the%20end%20of%20September.%26nbsp%3B(Please%20see%20M365%20Roadmap%20item%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffilters%3D%26amp%3Bsearchterms%3D82083%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EFeature%20ID%2082083%3C%2FA%3E).%20As%20mentioned%20in%20my%20above%20response%20to%20a%20similar%20question%3A%20If%20specifying%2010%20sending%20domains%20doesn%E2%80%99t%20meet%20a%20phishing%20simulation%20vendor's%20needs%2C%20t%3CU%3Ehey%20could%20instead%20sign%20all%20of%20their%20messages%20with%20a%26nbsp%3Bphishing%20simulation%20vendor%20DKIM%20domain%3C%2FU%3E.%20The%20limit%20on%20the%20domain%20field%20is%20still%2010%20(can%20be%20a%20mix%20of%20P1%20sending%20domains%20and%20DKIM%20domains).%20The%20security%20admin%20(end%20user%20customer)%20would%20then%20have%20the%20option%20to%20enter%20either%20sending%20domain%20or%20the%20one%20phish%20sim%20vendor's%20DKIM%20domain%20via%20the%20new%20advanced%20delivery%20policy%20based%20on%20the%20phishing%20simulation%20vendor's%20guidance.%20The%20DKIM%20domain%20creates%20another%20secure%20option%20giving%20customers%20the%20flexibility%20to%20utilize%20sending%20domains%20and%2For%20DKIM%20domains.%20In%20order%20for%20this%20option%20to%20work%2C%20the%20phishing%20simulation%20vendor%20will%20need%20to%20implement%20DKIM%20domain%20in%20their%20phishing%20simulation%20offerings%20to%20customers.%20We%20will%20continue%20to%20evaluate%20the%20solution%20and%20welcome%20engaging%20and%20collaborating%20with%20phishing%20simulation%20vendors%20on%20their%20specific%20phishing%20simulation%20campaign%20needs%20and%20how%20to%20best%20configure%20in%20Defender%20for%20Office%20365%20with%20security%20in%20mind.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPlease%20stay%20tuned%20for%20more%20info.%20We%20will%20be%20releasing%20a%20message%20center%20post%20for%20the%20upcoming%20release%20with%20additional%20details%20shortly.%20%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2740535%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2740535%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1123692%22%20target%3D%22_blank%22%3E%40Ian_Finn%3C%2FA%3E%26nbsp%3Bplease%20submit%20a%20support%20ticket%20for%20the%20team%20to%20investigate%20and%20look%20into%20the%20details.%20Secure%20by%20Default%20for%20ETRs%20rollout%20has%20begun%20and%20will%20complete%20by%20end%20of%20September.%20Please%20see%20message%20center%20post%26nbsp%3B%3CSTRONG%3EMC265759%26nbsp%3B%3C%2FSTRONG%3Efor%20details.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2745637%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2745637%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%26nbsp%3Bhowever%20this%20does%20not%20help%20us%20as%20our%20provider%20own%20all%20of%20their%20domains%20and%20all%20emails%20are%20DKIM%20registered%20to%20their%20own%20domain%20along%20with%20having%20DMARC%20and%20SPF%2C%20surely%20this%20is%20the%20correct%20way%20of%20setting%20up%20these%20Phish%20emails%20rather%20than%20sending%20from%20one%20domain%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2802670%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2802670%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20all%20those%20of%20you%20who%20like%20us%20have%20had%20our%20Phishing%20testing%20completely%20destroyed%20by%20Microsoft%20which%20in%20turn%20messed%20up%20some%20of%20our%20mandatory%20compliance%20testing%20we%20do%20as%20a%20Health%20Care%20organization%20I%20present%20the%20solution%20we%20used%20to%20get%20around%20this%20boneheaded%20move%20of%20Microsoft's.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESince%20there%20was%20no%20way%20to%20get%20Microsoft%20to%20allow%20the%20mail%20from%20our%20Phishing%20Provider%2C%20KnowBe4%2C%20within%20the%20limited%20confines%20of%20the%20new%20system%20I%20decided%20to%20just%20let%20Microsoft%20quarantine%20them%20all%20and%20then%20use%20some%20Powershell%20to%20release%20the%20ones%20that%20I%20wanted.%26nbsp%3B%20This%20can%20be%20run%20manually%20or%20as%20part%20of%20a%20regular%20timed%20script%20.%26nbsp%3B%20You%20only%20need%20to%20make%20changes%20to%20to%20the%20two%20variables%20on%20likes%205%20(%24HoursBack)%2C%20which%20dictates%20how%20far%20back%20in%20the%20quarantine%20the%20scripts%20looks%2C%20and%20line%208%20(%24MessageIDFilter)%2C%20which%20dictates%20how%20to%20match%20the%20MessageID%20field%20which%20for%20us%20being%20KnowBe4%20looks%20like%20%22*%40psm.knowbe4.com*%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps%20others%20in%20the%20mess.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3E%24i%20%3D%200%0A%24SetSize%20%3D%201000%0A%0A%23%20Set%20how%20many%20hours%20back%20you%20wish%20the%20script%20to%20look.%0A%24HoursBack%20%3D%20-1%0A%0A%23%20Set%20the%20MessageID%20filter%20you%20wish%20to%20use.%20(Example%20%22*%40psm.knowbe4.com*%22%20for%20KnowBe4)%0A%24MessageIDFilter%20%3D%20%22*%40psm.knowbe4.com*%22%0A%0AWhile%20(%24SetSize%20-gt%200)%20%7B%0A%20%0A%20%24i%2B%2B%0A%20%24CurrentSet%20%3D%20Get-QuarantineMessage%20-StartReceivedDate%20(Get-Date).AddHours(%24HoursBack)%20-EndReceivedDate%20(Get-Date)%20-Page%20%24i%20-PageSize%201000%0A%20%24FilteredSet%20%3D%20%24CurrentSet%20%7C%20Where-Object%20%7B%24_.MessageID%20-like%20%24MessageIDFilter%7D%0A%20Write-Host%20%22Round%20%24(%24i)%3A%20CurrentSet%20%3D%20%24(%24CurrentSet.count)%20and%20FilteredSet%20%3D%20%24(%24FilteredSet.count)%20-%20Releasing%20Messages%22%0A%20%24FilterCount%20%3D%200%0A%20%24FilteredSet%20%7C%20%25%20%7B%0A%20%20%24FilterCount%2B%2B%0A%20%20%24FilterPercentage%20%3D%20%24FilterCount%20%2F%20%24FilteredSet.count%20*%20100%0A%20%20%24FilterPercentage%20%3D%20%5Bmath%5D%3A%3ARound(%24FilterPercentage%2C%202)%0A%20%20Write-Progress%20-Activity%20%22Releasing%20Messages%3A%20%24(%24FilterCount)%20-%20Round%3A%20%24(%24i)%22%20-Status%20%22%24(%24FilterPercentage)%25%20Complete%3A%22%20-PercentComplete%20%24FilterPercentage%0A%20%20Release-QuarantineMessage%20-ReleaseToAll%20-Identity%20%24_.Identity%7D%0A%20%24SetSize%20%3D%20%24CurrentSet.count%0A%7D%3C%2FCODE%3E%3C%2FPRE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2502509%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2502509%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20this%20by%20default%20to%20all%20excahnge%20online%20plans%20or%20any%20specific%20license%20is%20requried%3F%20Thanks%2C%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2862989%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2862989%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20a%20very%20interesting%20post%20and%20even%20more%20interesting%20comments!%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EQ%20for%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F837994%22%20target%3D%22_blank%22%3E%40Sundeep_Saini%3C%2FA%3E%3A%20Is%20there%20a%20way%20to%20verify%20that%20the%20DKIM%20support%20for%20Advanced%20Delivery%20Policy%20(feature%20ID%26nbsp%3BFeature%20ID%2082083)%26nbsp%3Bis%20activated%20for%20a%20specific%20customer%3F%20I%20noticed%20the%20text%20in%20the%20top%20of%20the%20%22Edit%20third%20party%20phishing%20simulations%22%20window%26nbsp%3Bnow%20mention%20DKIM%20-%20does%20that%20mean%20it's%20avaliable%20to%20use%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2863125%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2863125%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1190182%22%20target%3D%22_blank%22%3E%40Rikardz%3C%2FA%3E%2C%20the%20DKIM%20support%20for%20Advanced%20Delivery%20Policy%20(Feature%20ID%2082083)%20was%20launched%201st%20week%20of%20October%20and%20is%20available%20to%20tenants%20worldwide.%20Rollout%20to%20gov%20clouds%20is%20still%20in%20progress%20and%20will%20complete%20by%20end%20of%20month.%20Since%20you%20see%20the%20mention%20of%20DKIM%20-%20I%20believe%20you%20do%20indeed%20have%20it%20enabled%20for%20your%20tenant.%20If%20you%20run%20into%20any%20issues%2C%20please%20open%20up%20a%20support%20case.%20I%20believe%20you%20are%20all%20set!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2509035%22%20slang%3D%22en-US%22%3ERe%3A%20Mastering%20Configuration%20in%20Defender%20for%20Office%20365%20-%20Part%20Two%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2509035%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1092264%22%20target%3D%22_blank%22%3E%40IT_Admin_8794%3C%2FA%3E%26nbsp%3BThat%20is%20correct%2C%20we%20would%20still%20continue%20to%20honor%20the%20ETR%20in%20the%20example%20you%20mentioned.%20However%2C%20recommend%20that%20you%20use%20Admin%20Submissions%20to%20submit%20this%20to%20Microsoft%20so%20filters%20can%20improve%20organically.%20Learn%20more%20here%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fadmin-submission%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAdmin%20submissions%20-%20Office%20365%20%7C%20Microsoft%20Docs%3C%2FA%3E.%20We%20are%20also%20working%20on%20an%20enhancement%20to%20the%20tenant%20allow%20block%20list%20where%20you%20could%20add%20a%20partial%20allow%20for%20this.%20This%20should%20be%20available%20later%20this%20year.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Aug 12 2021 10:59 AM
Updated by:
www.000webhost.com