Microsoft Defender
      Back to home
      1. Sittadel Knowledge Base
      2. Management Guides
      3. Microsoft Defender

      Defender for Office 365 Email File Allowance

      This guide will show an administrator how to create an allowance for an email that got falsely quarantined due to policy.

      Role Requirements

      Procedure Scope: Administrators

      Required Group Membership: Admin.Security

      Handbook Reference

      Package: TBD

      Domain: TBD

      Modifies: TBD

      Defender Email File Allowance

      1. If an email is captured in Quarantine due to detected malware related to URL or File Attachments but you know that the source is reputable, gather the embedded link or file for the next step.
      2. Navigate to the File Submission – Microsoft Defender portal, select Add New Submission.
      3. A pop-up will be generated asking details pertaining to the File, the file itself as well as if it was registered as a false positive or false negative. In our case we have had a File mistakenly blocked and need it to be whitelisted instead. Select Submit once all of the items have been configured.
      4. A finalization prompt will be displayed showing that the items have been submitted for review. Select Done to proceed.

      Need Assistance?

      Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.