We have many clients on Sophos filtering of email before delivery to m365
Yesterday we had several clients, where the email was "removed" (after delivery) from their inboxes and taken back to M365 quarantine as a "high confidence phish"
Essentially it was very much (all) the emails that contained a URL
I'm wondering if the Sophos modification of those URL's at the spam/virus filter end (safe links) prior to delivery, is upsetting "something" at M365 and what do we need to do to fix it?
[edited by: Raphael Alganes at 5:30 AM (GMT -7) on 7 Jun 2023]