Bump! Our users are clamoring for this feature. We recently enabled Bulk Mail Filtering, which dramatically increased the amount of mail landing in quarantine.
Shared mailbox users do not currently have any way to check the shared mailboxes quarantine in real-time.
Shared mailbox users currently have to wait for the quarantine notification email to be sent, at a minimum frequency of once per day.
Please provide a method for shared mailbox users to inspect the quarantine of the shared mailbox, and release messages, as needed.
8 votes1 comment · Office 365 Security & Compliance » Advanced Security Management · Flag idea as inappropriate… · Admin →
Excellent idea. We would very much like to be able to place mail in per-user quarantine via rule.
33 votes4 comments · Office 365 Security & Compliance » DLP & Transport Rules · Flag idea as inappropriate… · Admin →
One way to implement this would be to put in a two-stage spam filtering logic. In the first stage, the spam scores would be generated, and associated headers added to the message. After the first stage process, transport rules would kick in. Transport rules would be able to inspect and modify the header. Finally, after transport rules finished processing, the second spam filter stage would execute, enforcing the spam and bulk mail policies.
Proposed order of processing:
1) Edge Block
3) Spam, phishing, and bulk mail scoring
4) Transport Rules
5) Spam, phishing, and bulk mail policy enforcement
6) Deliver to mailbox
115 votes5 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
Display Custom Safety Tip as a new Rule Action would be better yet. If one or more Safety Tips could be raised via a mail flow/transport rule, we could easily control when they were displayed.
We could, for example, suppress Safety Tips if the message has an SCL of -1, or if the sender is on the recipients trusted senders and domains list.*
*Actually, this capability is probably a feature request, in and of itself.
459 votes31 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
Thank you for the feedback. Although we don’t have a timeframe in mind to share yet, this is something we would like to prioritize.
Administrators can now delete messages from the hosted quarantine with PowerShell. See Get-QuarantinedMessage and Delete-QuarantinedMessage. Update status of request?
Admin's need this ability like, yesterday! We are seeing phishing attacks land in the quarantine left and right, but once they are there, there is nothing we can do about it.
We know there are bad messages in the quarantine.
We know that a certain percentages of users will be taken by the scam, just the same, and release the message from the quarantine.
We know that a certain percentages of those users, how released the phishing message from quarantine, will then fall for the phish.
Alas, this happens all too often.
As admins, we are currently powerless to help. We really need a way to purge known bad messages from the quarantine.
18 votes0 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
ZAP is very promising. Additional reporting would be great, particularly from an incident response (IR) perspective.
Please consider also adding:
1) *did the recipient open the attachment before the attachment was "zapped"*.
2) when was the attachment zapped.
3) what was the SHA1/SHA256 hash of the attachment
4) was the attachment zapped from any other mailboxes?
5) why was the attachment zapped
6) if malware was identified, please tell us the name/family.
7) a time delta, between message delivery and zap intervention, would be nifty, too.
Lastly, the ability to customize the language in the replacement attachment might be helpful, too.
41 votes5 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
Prefixing the URL with a long file name is problematic from an end-user education standpoint. We train users to inspect URLs before clicking on them. The long ATOP SafeLinks URLs are very unwieldy, particularly on mobile devices. Mobile phishing is becoming more and more of a problem.
How about going with a shortened URL, and please, avoid the URL encoding (the browser will encode the link automatically, when the user clicks on it, IIRC). Here's a SafeLinks format that would be far easier to train to:
9 votes2 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
Agreed. The UX here doesn't work well, and his difficult to explain to end-users