Whitelisting

%3CLINGO-SUB%20id%3D%22lingo-sub-2392823%22%20slang%3D%22en-US%22%3EWhitelisting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2392823%22%20slang%3D%22en-US%22%3E%3CP%3E1.%20We%20have%20some%20system%20mailboxes%20for%20ticketing%20systems%20where%20we%20need%20to%20ensure%20that%20mails%20are%20not%20blocked%20because%20of%20%22Junk%20detection%22%20but%20we%20still%20would%20want%20to%20block%20Spoof%2FPhishing%20mails.%20Right%20now%20the%20only%20real%20option%20seems%20to%20be%20to%20go%20with%20an%20ETR%20and%20set%20the%20SCL%20-1%20which%20is%20allowing%20more%20than%20we%20want%20to.%20Is%20there%20a%20way%20to%20only%20disable%20the%20Junk%20Filter%20to%20avoid%20False%2FPositives%20in%20a%20scenario%20like%20this%20where%20we%20can%20not%20filter%20by%20senders%3F%3C%2FP%3E%3CP%3E2.%20Is%20there%20any%20information%20what%20exactly%20qualifies%20ad%20%22high%20confidence%20phish%22%3F%20Did%20not%20find%20anything%20so%20far.%3C%2FP%3E%3CP%3E3.%20The%20filtering%20stack%20diagram%20is%20great!%20Is%20there%20also%20any%20overview%20which%20parts%20are%20excluded%20for%20example%20when%20setting%20SCL%20-1%20in%20a%20ETR%3F%20Or%20when%20working%20with%20allowed%20IPs%20in%20the%20Connection%20Filter.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2392990%22%20slang%3D%22en-US%22%3ERe%3A%20Whitelisting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2392990%22%20slang%3D%22en-US%22%3EWe%20are%20in%20the%20process%20of%20removing%20the%20high%20confidence%20phish%20overrides%20from%20ETR-1.%20Check%20out%20the%20blog%3A%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-office%2Fmastering-configuration-in-defender-for-office-365-part-two%2Fba-p%2F2307134%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-for-office%2Fmastering-configuration-in-defender-for-office-365-part-two%2Fba-p%2F2307134%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EHigh%20confidence%20phish%20can%20come%20from%20detections%20across%20a%20wide%20range%20of%20filters%2C%20but%20in%20all%20cases%20it%20is%20phishing%20mail%20that%20we%20think%20could%20be%20particularly%20harmful%20to%20your%20business%20or%20result%20in%20compromise.%3C%2FLINGO-BODY%3E
New Contributor

1. We have some system mailboxes for ticketing systems where we need to ensure that mails are not blocked because of "Junk detection" but we still would want to block Spoof/Phishing mails. Right now the only real option seems to be to go with an ETR and set the SCL -1 which is allowing more than we want to. Is there a way to only disable the Junk Filter to avoid False/Positives in a scenario like this where we can not filter by senders?

2. Is there any information what exactly qualifies ad "high confidence phish"? Did not find anything so far.

3. The filtering stack diagram is great! Is there also any overview which parts are excluded for example when setting SCL -1 in a ETR? Or when working with allowed IPs in the Connection Filter.

1 Reply
We are in the process of removing the high confidence phish overrides from ETR-1. Check out the blog: https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-office/mastering-configuration-in-defe...

High confidence phish can come from detections across a wide range of filters, but in all cases it is phishing mail that we think could be particularly harmful to your business or result in compromise.
www.000webhost.com