M365 Changelog: Secure by Default – Honoring EOP/ATP detonation verdicts

MC226683 – We have updated the rollout timeline for this release and added additional details for clarity. Thank you for your patience.

We’re making some changes to how tenant (Anti-spam/Hosted Content Filter policy) and user (Safe sender) allows work when it comes to high confidence phish. A message is marked with the high confidence phish verdict when we detonate it and know that it is malicious. We want to ensure that our customers are protected and therefore block those messages from getting to the inboxes of end-users. This is normally the case, but tenant and user overrides can stop this from happening. We have decided to no longer honor Allowed senders or domains when the messages are considered as high confidence phish.

Note: Secure by default will not change your anti-spam policy's high confidence phish action setting; it enforces that setting by ignoring the overrides described above when we know a message is high confidence phish. In other words, high confidence phish will still go where you configure it to go, whether that is quarantine (recommended) or the Junk Email folder.

Key Points:

  • Timing: Beginning mid-December through the end of February (previously January)
  • Action: Review and assess impact

How this will affect your organization:

When this change is implemented, we are going to update our filtering rules so that inbound messages that are considered high confidence phish and destined for Office 365 mailboxes will not honor anti-spam policy or Safe sender allows. Emails with other verdicts, such as (regular) phish or spam, will not be affected, and the allows will still work as expected.

Note: adding senders and domains to an allow list is not best practice and should be considered as a legacy way of filtering.
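
To assess impact, one approach is to scan exported messages for mail that was classified as high confidence phish yet delivered through an allow. The script below is an added example, not part of the Message Center notice; it relies on the `X-Forefront-Antispam-Report` header fields `CAT:HPHISH`, `SFV:SKA` and `SFV:SFE` from Microsoft's anti-spam header documentation (not stated on this page), and every sample message in it is constructed.

```python
from email import message_from_string

# SFV codes that record an allow override. These come from Microsoft's
# documented X-Forefront-Antispam-Report fields, not from this notice.
ALLOW_OVERRIDES = {
    "SKA": "anti-spam policy allowed sender/domain",
    "SFE": "user Safe Senders list",
}

def parse_report(value):
    """Split 'KEY:val;KEY:val;' into a dict (values may contain ':')."""
    fields = {}
    for part in value.replace("\r", "").replace("\n", "").split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key.upper()] = val.strip()
    return fields

def override_that_will_stop_working(raw_message):
    """Return the allow type if this message is high confidence phish that
    was delivered through an allow, else None."""
    msg = message_from_string(raw_message)
    report = parse_report(msg.get("X-Forefront-Antispam-Report", ""))
    if report.get("CAT", "").upper() != "HPHISH":
        return None  # other verdicts keep honoring allows
    return ALLOW_OVERRIDES.get(report.get("SFV", "").upper())

def audit(messages):
    """Map message name -> allow type for every affected message."""
    results = {n: override_that_will_stop_working(m) for n, m in messages.items()}
    return {n: r for n, r in results.items() if r}

def _msg(report):  # constructed sample message, folded header included
    return ("From: billing@vendor.example\nSubject: Invoice\n"
            "X-Forefront-Antispam-Report: CIP:203.0.113.7;CTRY:;LANG:en;\n "
            + report + "\n\nbody\n")

SAMPLES = {  # constructed data, not real mail
    "hphish-allowed-domain": _msg("SFV:SKA;CAT:HPHISH;DIR:INB;"),
    "hphish-safe-sender": _msg("SFV:SFE;CAT:HPHISH;DIR:INB;"),
    "spam-allowed-domain": _msg("SFV:SKA;CAT:SPM;DIR:INB;"),
    "hphish-no-override": _msg("SFV:SPM;CAT:HPHISH;DIR:INB;"),
}

if __name__ == "__main__":
    for name, reason in audit(SAMPLES).items():
        print(f"{name}: delivered via {reason}")
```

Senders and domains that show up in the results are the allow entries whose high confidence phish will no longer bypass your configured action once the change rolls out.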

What you can do to prepare:

Administrators should use the submission portal to report messages whenever they believe a message has the wrong verdict so that the filter can improve organically.

Review, to learn more about Secure by default in Office 365.