Advanced Threat Protection Whitelist 2019
ATP needs a way to whitelist inbound email (IP or domain) from being quarantined as malware. Back in 2016 this issue was resolved by adding exchange mail flow rules to add headers. However, this method no longer works, and Microsoft support (ticket 12611412) confirms that ATP filters before mail rules are applied, and there is no way to whitelist inbound IP's to bypass ATP malware filtering. The only options in the settings is based on recipient. In my case, I want to whitelist to allow a Security Awareness Training provider to send test emails to our users. ATP is incorrectly identifying attachments as malware. Here is the original Uservoice that no longer works:
Yes, users are confused when scanned files take long to arrive. Should be possible to whitelist user or user & ip combination.
Agreed. This is urgently needed. Expecting all emails from an internal scanners email address to be scanned using safe attachments is disappointing. There needs to be an option to add an exception or whitelist for specific addresses/domains.
I agree, this is needed.