ATP Anti-phishing - Impersonation
We enabled impersonation to protect all our domains with ATP. One of the senders domain (hosted in office 365) is somewhat similar to one of our hosted domain. Due to ATP check, email sent from the domains were placed in Junk folder. Problem is that some emails were delivered and some were sent to the junk folder. It is not consistent. As both domains were hosted in Office 365 (different tenant), email sent from both of the domains should be trusted by Office 365 and should not go through ATP check in my opinion. Microsoft should have this trusted internally. Rather than providing the workaround to have the sender domain to be added as trusted domain by the customer.
My thought: if the domain is trusted implicitly because it is in Office 365, then there is no protection against compromised user accounts in an Office 365 tenant. With so many phishing emails aiming to get Office 365 account credentials, there has to be something running across the service to gauge the current validity of each message.