Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

Advanced Threat Protection Whitelist

Current Advanced Threat Protection (ATP) scans all non-standard attachments sent, even internally sent emails. This means it could take 30min to receive the a PDF file or scan the from the person in the office next to you. We need a way to create a white-lists and or transport rules for ATP in the same way their is for the spam filter. Either that or speed up the ATP process so it doesn't take so long.

213 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Caleb shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    Please understand that ATP feature is actually detonating the attachment in a sandbox. As such, we believe that the protections offered by ATP are worth a few extra minutes. We believe that the worst performance issues with ATP are understood and are being addressed. That said, we also now have more features that will allow you the flexibility to decide what to do when it takes longer than you’d like. The documentation is still being updated, but you can check out the session from Ignite here:
    https://myignite.microsoft.com/videos/1339. There are several other sessions on this topic as well.

    For the ultimate in flexibility, you may also consider creating an Exchange Transport Rule that adds the header X-MS-Exchange-Organization-SkipSafeAttachmentProcessing to value of 1 under certain criteria. This will essentially disable ATP safe attachment scanning for rules which meet the criteria.

    For safe links, the header is X-MS-Exchange-Organization-SkipSafeLinksProcessing.

    53 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        It seems adding a rule to stamp the header X-MS-Exchange-Organization-SkipSafeAttachmentProcessing value 1 works but does not actually show in the header after the client receives it. Can anyone confirm this?

      • Heath commented  ·   ·  Flag as inappropriate

        I would really like to see a filtering option that lets you define senders, not just recipients, in ATP.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Other online filtering services such as Fireeye are nearly instant scans. I don't understand the difference between this service and Microsoft ATP. The dealy is not business firendly which works at a high reate of speed or sales may be lost.

      • Anonymous commented  ·   ·  Flag as inappropriate

        This is **** ! I can't open any important links in my mail. I did not aske for this.
        Please remove this from my mail.

      • Anonymous commented  ·   ·  Flag as inappropriate

        i really appreciate Microsoft for coming out with the extra measures to protect the user from hackers and possible virus attack. However if the scan took 30 minutes, it is certainly worth the wait. BUT i have a concern here, i've some email which was sent to me, in January 2018 AND when i look back into the email, it is still under ATP scan. This is certainly not just 30 minutes, it is more than 30 days.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Internal attachments that are known to be safe are being blocked by the ATP safe attachment policy. Microsoft must improve the product by at least allowing to whitelist the senders.

      • Tom Scalish commented  ·   ·  Flag as inappropriate

        Unable to use ATP until Microsoft adds an exception from a sender to the rule.
        Our mainframe pumps out hundreds of Excel reports that are known to be safe,
        During a test of the product the user frustration waiting for known safe attachments to be scanned was very frustrating.

      • Anonymous commented  ·   ·  Flag as inappropriate

        1/18/2018 still no solution from Microsoft on this one... and the explanation is that you can go outside the product to try and address it thru a transport rule... That's user friendly ( not )

      • Trent_ B commented  ·   ·  Flag as inappropriate

        There seems to have been a service disruption yesterday where even small files were taking up to 30 mins to scan and be delivered. This happened to 3 different users. 2 were internal senders and one was an external sender. Not sure that this is the right place for this comment, but thinking it would be nice if ATP had it's own Service Status category.

      • Gaurav Anand commented  ·   ·  Flag as inappropriate

        Hello Microsoft ATP Team,

        This is to bring to your notice that spammers/phishers have started targeting Office 365 Tenants which creates a mail loop between Office 365 hosted domains and these emails are getting circulated through which accounts gets compromised. We had a lot of incidences happening in our environment, As these emails are getting generated from the actual account hosted in Office 365 the email are considered to be safe and lands in users Inbox. We have ATP safe links policy in place however its not performing the job as expected. ATP is a great feature but we request you all to look in this matter on a larger scale. We have created a case with Microsoft Support for Office 365.

      • Anonymous commented  ·   ·  Flag as inappropriate

        i would like to add also my feedback, its weird for a company like Microsoft to do not have planned to give people using ATP to permit an exception based on the sender instead of only the receiver.
        I also needed to create a more comple exception just because of an avatar image inside a notification email from confluence....

      • Chris Littlefield commented  ·   ·  Flag as inappropriate

        We have tested adding an IP address mail flow rule with the following action:

        Set the message header 'X-MS-Exchange-Organization-SkipSafeAttachmentProcessing' to the value '1'

        This does not have an effect on ATP blocking attachments. Is there something I'm missing to get this rule to work?

      • Ron commented  ·   ·  Flag as inappropriate

        Come on Microsoft. It is now August 2017. The company I work for is paying for this Exchange Advanced Protection and we are only using half of its capabilities. We want the ability to white-list internal emails before we turn "safe attachments" feature on again. What is also nice to have is the ability to add external senders to a white-list.

      • Matthew Peronto commented  ·   ·  Flag as inappropriate

        This issue should not be closed. Our users would like an internal whitelist, if nothing else: "Except if the sender domain is..." seems like a no brainer. (Along with SPF, maybe)

      • me commented  ·   ·  Flag as inappropriate

        Another vote for white list.. All the other competitors have this feature.. step up and make it

      • Caleb commented  ·   ·  Flag as inappropriate

        This isn't a user friendly solution, but it's not a workaround. It does resolve the issue. I agree that a user friendly white-list should be implemented in addition to this solution.

      • Craig commented  ·   ·  Flag as inappropriate

        Honestly I consider the "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing" a work around which did not address the issue. A "white-list would but it appears you are not planning on doing thsi?

      • Michael Uribe commented  ·   ·  Flag as inappropriate

        So it marks this issue as addressed but there is still no Whitelist availalbe. Also I see no documentation that was mentioned in the addressing post. This is still a glaring issue for our organization when it comes to ATP.

      • Jeffrey commented  ·   ·  Flag as inappropriate

        Really, it should allow domains too, like http://www.staples.com/* since many people send links that are not only the exact url but pages in that same domain which are expected to be safe.

      • Caleb commented  ·   ·  Flag as inappropriate

        Thanks for the comment. I read the other posts just after I posted. I didn't realize we could delete comments now. I would have done so if I knew that was an option. thanks again, I'm glad to see the positive answer to this question.

      ← Previous 1 3

      Feedback and Knowledge Base