Connect with experts and redefine what’s possible at work – join us at the Microsoft 365 Community Conference May 6-8. Learn more >

Defender

3 Topics

URL Detonation Reputation - How do you like it?
I personally have found this detection technology to be a huge pain in the buttocks. To me, this feature doesn't really look at specific threats or risks, it just says "You cannot do anything that involves this domain name". And with that analogy, "involves" translates to any of the following: Domain is in the subject or body One of the included recipient addresses to which the message is addressed uses the domain. One of the recipients who show in the body of the email due to it being a conversation/thread, uses that domain in their address. An attachment includes that domain within its text (PDF, Word, Excel, TXT, all personally observed by me). These things get blocked as "High confidence phish". To me, they are not that whatsoever, until the message itself is doing some of the "phish" verb. This feels like an overstep on the verdict and I'd prefer they come up with a new name for the detection type, as well as a new drop down box for us to choose between MoveToJunk or Quarantine. Most times I've observed this feature "saving" clients, it's a pain in the butt for the client. I will point out the one improvement I've seen since I started belly-aching over this - it is that Microsoft now puts the bad URL/domain from within the attachments, into the list of URLs in the email entity page within M365 Defender portal. So there is at least that there now, which adds the improvement of not having to go through MS Support to find out what is the supposed bad-rep URL. Would like to know if anyone else finds this feature as a pain for the most part, and hear any other suggestions, or just confirmations about my suggestion (new category of detection so we don't have to treat these things like (HC)phish).
Solved
JeremyTBradshaw
Jul 16, 2024 Place Exchange
46KViews
2likes
31Comments
Image Control
Good afternoon, We're currently using Symantec Email Security but are considering moving to Exchange Online Protection with Microsoft Defender for Office. One feature that seems to be missing from the Microsoft stack is the ability to block inappropriate images in-path and redirect to quarantine / another mailbox for approval. Not all images should be blocked (so we can't use a file filter), only inappropriate images. I'm aware of Purview Communication Compliance, but this provides a retrospective view on compliance rather than blocking at the time. Does anyone know of any services (MS or 3rd party) that can be bolted on for this functionality? Thanks, Michael
MichaelFleet
Nov 23, 2023 Place Exchange
810Views
0likes
0Comments
How to adjust (not set) SCL for incoming messages in Exchange Online
Setting a specific SCL for an incoming message is easy, but I can't find a way to reduce or increase an SCL based on specific criteria. Is this possible with Exchange Online? If so, how do you do it? This is a trivial task in every anti-spam product I've ever used except for Exchange/EOP/Defender. (Irrelevant, but relevant to a decade-long trend in Microsoft UIs: The Tech Community site has become the most unintuitive, obscure tech forum I have ever seen. The most basic functions are hidden or absent.)
Solved
Jay Carper
Dec 02, 2021 Place Exchange
1.8KViews
0likes
5Comments