I've setup the email advanced on a test domain in my organisation for the sole purpose to see how the VIP protection works (and other items, but they're not in question here).
So it's all setup and seems fine, I get the impersonation banner etc. but only if I send my test account an email from my gmail.
Gmail > 365 test account > marked as impersonation
outlook.com > 365 test account > not marked (seems to take a single hop and lands in mailbox).
other 365 tenant > 365 test account > not marked, similar to above.
Bearing in mind I am not sending to my actual account, my test account is named differently as I know impersonation protection doesn't work to yourself, based on the presumption you would know you're not scamming yourself.
My concern is if this doesn't protect against outlook.com and other 365 tenants impersonating then it's only partially effective as anyone can create outlook.com accounts.
Anyone else had/seen/fixed/cried themselves to sleep over this?
So actually this does work, for some reason all the Microsoft services took 2 days to recognise the MX change and now does what it's supposed to. At least I know now to be patient when setting this up…
Impersonation protection checks for the VIP name.
If your VIP user is Lucar Toni, it will protect another user in your setup from Email caused by "Lucar.Toni@outlook.com". It will not block Lucar.Toni@outlook.com to lucar.toni in your setup, as this is likely the same person and commonly used to send yourself emails.
That's not what I'm on about as I'm not impersonating myself to myself, I'm going "Ian hellier <email@example.com>" to "lord twig <firstname.lastname@example.org>" which flags as impersonating the VIP name (Ian hellier) however when I send from "Ian hellier <email@example.com>" it does not flag. Doesn't flag from 365 or outlook.com but does from gmail and presumably other places too.
Interesting. It did last time i checked the feature. I would recommend to check the with the support, if they can extract the logs of this attempt.
The email headers literally only show a single hop, similar to what you would see on the old school in house mailboxes as if Microsoft is simply moving the email from one mailbox to another and it's not actually going through any smtp methods between accounts.
If there is a shortcut, Central Email cannot protect against VIP. I am not a outlook365 expert and cannot find any information about this shortcut. I would expect to have the option to disable this direct connection between O365 and outlook.com but i cannot answer this.
Thing is I'm not sure it's always done this, we used the service ages ago and didn't experience this so at the back of my head I'm concerned it might be a silent change on 365/outlook side. I just can't verify it.
So actually this does work, for some reason all the Microsoft services took 2 days to recognise the MX change and now does what it's supposed to. At least I know now to be patient when setting this up and testing.
Thanks for the clarification. get-mobdro.com