By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Microsoft is currently working on new features designed to block malicious content in Office 365 regardless of the custom configurations set up by administrators or users unless manually overridden. This change was prompted by the fact that some settings allow for Office 365 Exchange Online Protection/Advanced Threat Protection detonation verdicts to be bypassed and inadvertently allow malicious content to reach the customers' inboxes. Once the new features will be enabled, Office 365 will automatically honor EOP/ATP detonation — malware analysis — verdicts to block known malicious files and URLs regardless of custom configurations. The domain allows and transport rules are the ones most commonly responsible for content flagged by Office 365 EoP or ATP as malicious still being delivered to the end-users. "We’re updating our filters to ensure that malicious files and URLs are not delivered regardless of configuration unless manually overridden," says the features' entry on the Microsoft 365 Roadmap. The "Office 365 ATP, Secure by Default" update is currently under active development according to the roadmap and comes with an estimated release date set for February 2020, to be generally available in all environments. Microsoft previously warned Office 365 admins and users against bypassing the built-in spam filters in June 2019, as part of a support document that also provides guidelines for cases when this can't be avoided. As Redmond says, Office 365 end-users should avoid enabling Allow or Block lists within the Spam Filter policies, as well as skipping Transport Rules scanning. Microsoft also urges Outlook or Outlook on the Web users and admins not to toggle on Safe and Blocked senders. "We recommend that you do not use these features because they may override the verdict that is set by Office 365 spam filters," says Microsoft. Microsoft recommends Office 365 customers to report junk email messages using the Microsoft Junk Email Reporting Add-in "to help reduce the number and effect of future junk email messages," while Outlook users can employ the Report Message add-in to report junk email. "If you have to set bypassing, you should do this carefully because Microsoft will honor your configuration request and potentially let harmful messages pass through," the support document says. "Additionally, bypassing should be done only on a temporary basis. This is because spam filters can evolve, and verdicts could improve over time." Further details can be found on OUR FORUM.