Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

Advanced Threat Protection Whitelist 2019

ATP needs a way to whitelist inbound email (IP or domain) from being quarantined as malware. Back in 2016 this issue was resolved by adding Exchange mail flow rules to add headers. However, this method no longer works, and Microsoft support (ticket 12611412) confirms that ATP filters before mail rules are applied, and there is no way to whitelist inbound IPs to bypass ATP malware filtering. The only options in the settings are based on recipient. In my case, I want to whitelist to allow a Security Awareness Training provider to send test emails to our users. ATP is incorrectly identifying attachments as malware. Here is the original UserVoice that no longer works:
https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/9292590-advanced-threat-protection-whitelist

111 votes
Anonymous shared this idea

    13 comments

      • Royce Lithgo commented

        This is really needed. There should be additional configurations for the malware filter to control when it is triggered or bypassed.

      • Mike commented

        We have elected to remove the scanning of attachments because of long delays in excess of 1-2 hours, not acceptable for anyone. Crazy that they would let this issue continue. In my mind, this is a beta product. If you want to bypass scanned documents, you might use the email address using the "onmicrosoft" email domain and exclude that domain from the scanning of attachments policy until they get the thing fixed.

      • Anonymous commented

        An absolute need - we have had at least two time periods where scans were taking over an hour!

      • Colt Albrecht commented

        Yes, I am having customers complain about their scan to emails taking 5 min or more depending on pages they scan in due to this. Please add a white-list option or method.

      • Anonymous commented

        This is an urgently needed feature. Users would rather disable the attachment scan, just because we cannot whitelist the internal scanner email address.

      • J commented

        Yes, users are confused when scanned files take long to arrive. Should be possible to whitelist user or user & ip combination.

      • Jonathan commented

        Agreed. This is urgently needed. Expecting all emails from an internal scanner's email address to be scanned using safe attachments is disappointing. There needs to be an option to add an exception or whitelist for specific addresses/domains.
