Sophos Central Admin: Sophos Central Engineering will be performing routine maintenance to Sophos Central on Saturday February 1, 2020 starting at 13:00 (UTC). For more info please see KBA 133402.

Credential Harvesting being stopped by Windows Defender SmartScreen

It's good but it's bad.

I've bypassed all domain and URL filtering successfully in Office 365/ATP. However, when a user clicks the link it's still getting caught by 

Windows Defender SmartScreen. It looks like any GPO settings are all or nothing and we certainly don't want to disable this across the entire domain.
Had anyone else ran into this issue. Credential harvesting campaigns are something we really want to start using.