Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

← Office 365 Security & Compliance

only generate one notification for phishing/impersonated user events

There are two default alert policies,
"Phish delivered due to tenant or user override"
"User impersonation phish delivered to inbox/folder"

When a phishing message is received, because our anti-phishing policy Action is to "take no action" we get (2) two notifications. One, that the message was delivered due to an override, and a second that a phish message was delivered to folder/inbox.

It's unclear what is considered an override. Based on our experience the assumption is that "Take no action" is considered an override. What else is considered an override?
Adding an address to the tp anti-spam policy "safelist"?
User adding address to the mailbox level safelist?
Need more information

5 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Jon Webster shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

Office 365 Security & Compliance: Spam & Phishing

Categories

Feedback and Knowledge Base

(thinking…)

Related Sites