- Does Secure Email Threat Defense honor senders or domains from an allow list in Microsoft 365?
- Does Secure Email Threat Defense honor actions my users take on Junk mail in Outlook?
- What is the journaling size limit?
- Why aren’t all of my domains showing in Secure Email Threat Defense?
- Where can I find more information about journaling in Microsoft 365?
Secure Email Threat Defense and Microsoft 365
Does Secure Email Threat Defense honor senders or domains from an allow list in Microsoft 365?
Yes. Secure Email Threat Defense honors senders and domains added to your spam filter allow lists in Microsoft 365 for Spam and Graymail messages. MS Allow lists are not honored for Threat verdicts (BEC, Scam, Malicious, Phishing); these items will be remediated according to your policy settings.
In the classic Exchange admin center, this is accessible from Exchange admin center > protection > spam filter.
In the new Microsoft 365 security center, you can access this setting here: https://security.microsoft.com/antispam
Because of some recent changes to Microsoft’s MSAllowList header, Microsoft Allow lists are not always honored by Secure Email Threat Defense if your organization allows individual users to configure allow lists in their mailbox and a message happens to fall in a user’s allow list. If you want Secure Email Threat Defense to honor these settings, select the Do not remediate Microsoft Safe Sender messages with Spam or Graymail verdicts check box on the Policy page. Safe Sender flags are respected for Spam and Graymail verdicts, but are not respected for Threat verdicts. That is, Safe Sender messages with Spam or Graymail verdicts will not be remediated.
Does Secure Email Threat Defense honor actions my users take on Junk mail in Outlook?
Users may mark email using the Outlook Junk options, such as Never Block Sender or Add to Safe Senders. If you want Secure Email Threat Defense to honor these settings, select the Do not remediate Microsoft Safe Sender messages with Spam or Graymail verdicts check box on the Policy page. Safe Sender flags are respected for Spam and Graymail verdicts, but are not respected for Threat verdicts. That is, Safe Sender messages with Spam or Graymail verdicts will not be remediated.
What is the journaling size limit?
Any message over 150 MB will not be journaled by Microsoft 365.
Why aren’t all of my domains showing in Secure Email Threat Defense?
Secure Email Threat Defense imports domains with email capabilities associated with your tenant. If a domain does not have email capabilities, it is not shown in Secure Email Threat Defense.
Where can I find more information about journaling in Microsoft 365?
Refer to the Microsoft documentation: https://docs.microsoft.com/en-us/exchange/security-and-compliance/ journaling/journaling