Advanced Threat Protection Whitelist 2019
ATP needs a way to whitelist inbound email (IP or domain) from being quarantined as malware. Back in 2016 this issue was resolved by adding Exchange mail flow rules to add headers. However, this method no longer works, and Microsoft support (ticket 12611412) confirms that ATP filters before mail rules are applied, and there is no way to whitelist inbound IPs to bypass ATP malware filtering. The only option in the settings is based on recipient. In my case, I want to whitelist to allow a Security Awareness Training provider to send test emails to our users. ATP is incorrectly identifying attachments as malware. Here is the original UserVoice that no longer works:
https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/9292590-advanced-threat-protection-whitelist

26 comments
-
Anonymous commented
This is an urgently needed feature. Users would rather disable the attachment scan, just because we cannot whitelist the internal scanner email address.
-
Anonymous commented
Agree, this needs to be fixed.
-
Josh commented
This is beyond obnoxious.
-
J commented
Yes, users are confused when scanned files take long to arrive. Should be possible to whitelist user or user & IP combination.
-
Jonathan commented
Agreed. This is urgently needed. Expecting all emails from an internal scanner's email address to be scanned using safe attachments is disappointing. There needs to be an option to add an exception or whitelist for specific addresses/domains.
-
Caleb commented
I agree, this is needed.