Phish Threat quarantined by Microsoft

Question

Hi, 
 Some phish threat emails are being automatically quarantined by Microsoft despite adding all the Sophos Senders to the Phishing Simulation under Microsoft 365 Defender > Policies & Rules > Threat Policies > Advanced delivery > Phishing Simulation. Both Sophos IPs ( 54.240.51.52 and 54.240.51.53 ) are also added. 
 Some phish threat emails will come through, but some will not. 
 I have followed this KB to set up two rules to skip SafeLinks and Attachments. 
 Sophos Phish Threat: Bypass safe links and safe attachments processing 
 
 I am testing this phish threat. While this one will work and arrive in my inbox. 
 From what I have been able to gather is, when the test phish threat emails hit Microsoft servers, it gets scanned and labelled as spam and sent to the quarantine, despite us having transport rules set to allow them. 
 How can I make sure all Sophos Phish Threat emails will come through?

emmosophos · Answer

Hello there, 
 Thank you for contacting the Sophos Community. 
 Make sure yo set the Spam confidence to -1 ( https://doc.sophos.com/central/customer/help/en-us/ManageYourProducts/EmailSecurity/SophosGateway/ExternalServices/ConfigureM365/index.html#bypass-exchange-online-protection-in-microsoft-365 ) 
 Regards,