
Sophos Phishing Campaign emails being sent to MS Defender quarantine

Am I the only customer using this Phishing Campaign.....

I've been trying to configure this thing so we can use it. However, even after configuring per the documentation, the campaign emails are still being caught by Microsoft's Defender and quarantined.

Documentation indicates that I only need to whitelist 2 IP addresses, but when looking at the message in quarantine, the message has a sender IP that does not match the two I was told to whitelist.......

I would have thought this to be an easy fix for support, but now on week 2 with several remote sessions and circling back to the beginning......

Open Case# 07016835

Somebody...anybody who has dealt with this please help me.......



  • We are trying to use Sophos Phish Threat too and I am in the same situation: I received an email to say I have been enrolled into training for reading the email, which I never received. Checked Sophos and it's showing as delivered, checked Defender and it's showing quarantined for safe attachments policy. So everyone kind of knows what emails to look out for now, kind of pointless!

  • We are working on a method called Direct Delivery which will use the Microsoft Graph API to place Phish Threat messages directly into the end user's mailbox, bypassing SMTP and inspections for M365 customers. Our plan at this time is to deliver this in early 2024.

  • Hi Tom, what is the deployment process for Direct Delivery looking like at the moment? We as an MSP are trying to assess if it is more efficient to complete the usual Phish Threat setup (which, as long as it's configured right at the start, we don't run into any issues with EOP blocking), or if the new Direct Delivery feature is easier. Cheers

  • We are on target for a Q1CY2024 release. It will require additional authorization in M365, so it will guide you through logging into M365 and approving the additional auth. The new Direct Delivery feature will be much simpler in that you will no longer have to create the Phishing exceptions in M365 or add to Allow Lists in M365 etc., since we won't be sending the messages via SMTP but via the Graph API. For new customers this will be the preferred way; I expect partners and MSPs to take their time migrating and clean up old rules, as long as it is working as you say.

  • Up-voting this fix as we too are having this issue with Sophos Phishing Campaigns and have started to shop for an internally hosted alternative to bypass the blocks.
    Our environment uses Mimecast and Microsoft Defender.

    I have contacted Sophos Support by email but have been waiting over a month for a reply now.

  • We don't know how to configure Mimecast to allow the campaigns through. I've posted how to configure Defender to allow them through and have heard success from many customers and partners. Feel free to drop me an email directly at tom.foucha@sophos.com