Sophos Email: Whitelist sophos.com in O365 ATP to prevent ATP from automatically releasing emails from quarantine

Overview

Sophos recommends that its domain (sophos.com) be whitelisted in Advanced Threat Protection (ATP) of Microsoft Office 365 to prevent ATP from automatically triggering links in Quarantine Summary sent by Sophos Email.

Applies to the following Sophos products and versions

Sophos Email

Impact

If not whitelisted, ATP can trigger links in the Quarantine Summary, thereby automatically releasing the emails from the quarantine. Automatically releasing quarantined emails can compromise the security provided by Sophos Email, since they can be unwanted.

What to do

Whitelist the domain of Sophos by making the entry *.sophos.com under the Default ToC Protection settings of the Safe link policy in Advanced Threats section of Office 365 – refer to the following screenshot.



Changed the title from "Sophos Email: Prevent automatically releasing emails from quarantine" to "Sophos Email: Whitelist sophos.com in O365 ATP to prevent ATP from automatically releasing emails from quarantine"
[edited by: DominicRemigio at 2:13 PM (GMT -7) on 29 Sep 2020]