Sophos filtered Email to M365 - Microsoft then removing legit emails as High Confidence Phish

Hello,

This issue is being investigated under XGE-28086 

If you’re being affected by this, please share the following in your case Details:

1) Queue IDs of Affected Emails:

Go to > Email Security > Logs & Reports > Message History > Subject (localize the affected emails and click the subject) > Raw Header and look for ESMTPS id 4PXYy06g0Kz1y9P (Usually around the 10th line) or let support which emails are being affected

2) Remote Access ID:

Top Right Corner > Click your name/Org > Account Details > Sophos Support > Turn on Remote Assistance > and COPY AND PASTE "The unique ID for this Sophos Central account is:" number

3) Location of the Central Account :

4) Mention XGE-28086 if the issue is with Mailflow or PHISH-8610 if the issue is related to Sophos Phish Threat 

Top Right Corner > Click your name/Org > Account Details > Sophos Support > Scroll down to "This account is located in the XXXXXXXXXXXX region.

Regards,

Hello,

If you are being affected by this, we’re asking you to send your email samples to Microsoft. Make sure the sample submitted has the ToC host https://xgemail.protection.stn100syd.ctr.sophos.com/ in the email. 

Customers can send these samples by following this article.  

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide

Regards,

Hello,

If you are being affected by this, we’re asking you to send your email samples to Microsoft. Make sure the sample submitted has the ToC host https://xgemail.protection.stn100syd.ctr.sophos.com/ in the email. 

Customers can send these samples by following this article.  

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide

Regards,