This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Phish Threat quarantined by Microsoft

Hi, 

Some phish threat emails are being automatically quarantined by Microsoft despite adding all the Sophos Senders to the Phishing Simulation under Microsoft 365 Defender > Policies & Rules > Threat Policies > Advanced delivery > Phishing Simulation.
Both Sophos IPs ( 54.240.51.52 and 54.240.51.53 ) are also added.

Some phish threat emails will come through, but some will not.

I have followed this KB to set up two rules to skip SafeLinks and Attachments.

Sophos Phish Threat: Bypass safe links and safe attachments processing

I am testing this phish threat.


While this one will work and arrive in my inbox.

From what I have been able to gather is, when the test phish threat emails hit Microsoft servers, it gets scanned and labelled as spam and sent to the quarantine, despite us having transport rules set to allow them.

How can I make sure all Sophos Phish Threat emails will come through?



Added TAGs
[edited by: emmosophos at 7:33 PM (GMT -8) on 16 Feb 2024]
Parents Reply Children
  • Hi  , 

    All our emails are routed through an initial filtering system (using MX records) then sent to O365.On that filtering system, I can see the email arrived and allowed, because it is explicitly configured to allow all phish treats from Sophos. When arriving at O365, there is a rule that sets all emails to SCL -1.
    This is already done.

    What else can be done?