Search the Petri IT Knowledgebase
search icon

close

Windows

Cloud

Microsoft 365

PowerShell

Active Directory

Security

Windows Server

Video

Chance to win $250 in Petri 2023 Audience Survey

Take the survey now!
Icon for Is your IT budget getting cut?

Is your IT budget getting cut?

Creating a Recession-Proof Digital Workplace

Icon for On-Demand Webinar

On-Demand Webinar

MVP Panel Talk: Do You Need to Backup Microsoft 36...

Icon for Don't miss this eBook about M365 Backup!

Don't miss this eBook about M365 Backup!

#1 Microsoft 365 Backup Guide by Veeam

Icon for New E-Book

New E-Book

Tracking Tasks in Microsoft 365

Home

Office 365

Security

New Override Alerts for Office 365 Create an Additional Safety Net

Brad Sams

 |

Jan 28, 2021

When getting started with your new Office 365 tenant, Microsoft has done a respectable job of making the first run experience not too overwhelming. But as your tenant grows, more people are added to roles that can impact policy, it’s possible that a rule could be created that will allow a malicious email or file to be delivered to a mailbox.

As an example, you may set a policy to enable a specific IP to deliver email but if an attacker is able to exploit this policy to deliver a phishing email, you may not be aware of the intrusion. This is the gap that Microsoft is trying to address with its new override alerts.

Announced today and the feature will start rolling out in early February, for those using Microsoft Defender for Office 365 Plan 1 and Plan 2, you will now be alerted when a message is delivered, only when it is determined with a high degree of confidence that it is phishing or malware, to a mailbox because of a policy that was enabled/disabled.

Specifically, Microsoft says that the “new system alert policies will enable security admins to receive alerts if a message with a high confidence phish or malware verdict is delivered to a mailbox due to one of the following” scenarios:

  • Phish delivered due to an IP allow policy
  • Phish delivered due to an ETR override.
  • Phish delivered because a user’s Junk Mail Folder is disabled.
  • Phish not zapped because ZAP is disabled.
  • Malware not zapped because ZAP is disabled.

When this feature rolls out, the alert policies will be enabled by default but you can turn them on/off as needed. You will also have the ability to define who gets the alerts and also manage how many alerts are sent to help control false positives.

This looks to be a smart move by Microsoft to help contain malware/phishing in an environment where controls may not be correctly applied. Further, this is a safety net and even though it will not be perfect, this is a good step to help to prevent accidental exposure inside your tenant.

More from Brad Sams

Surface Duo 2: Better Hardware, Same Productivity

Surface Laptop Studio: Building a Better Mousetrap

Surface Pro 8: Better in Nearly Every Way

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Security

Cloud Computing and Security

What is Microsoft Sentinel and How Does It Protect Cloud and On-Premises Resources? 

Feb 2, 2023 | Mustafa Toroman

Security

Microsoft Warns About New Consent-Phishing Attacks Used to Steal Data

Feb 1, 2023 | Rabia Noureen

Security

Microsoft Defender for Endpoint Adds Device Isolation Support for Linux Machines

Jan 31, 2023 | Rabia Noureen

Hero Approved GitHub – 2

Git Releases New Security Updates to Block Remote Code Execution Attacks

Jan 18, 2023 | Rabia Noureen

Hero Approved GitHub – 2

PyTorch Discloses Internal Dependency Compromised with Malicious Code

Jan 4, 2023 | Rabia Noureen

PowerShell

How to Create Conditional Access Policies using PowerShell

Jan 4, 2023 | Liam Cleary

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy