Microsoft Defender
      Back to home
      1. Sittadel Knowledge Base
      2. Management Guides
      3. Microsoft Defender

      Defender for Office 365 Email Policy Spoofing Exception

      This guide will show an administrator how to create an allowance for a domain that was falsely quarantined due to policy.

      Role Requirements

      Procedure Scope: Administrators

      Required Group Membership: Admin.Security

      Handbook Reference

      Package: TBD

      Domain: TBD

      Modifies: TBD

      Defender Email Policy Spoofed Sender Allowance

      1. Locate a spam/phishing quarantined message; upon investigation you should locate the Email Details and ensure the sender is legitimate. Take note of the sender domain and IP address.
      2. Navigate to the Spoofed Senders – Microsoft Defender portal, locate and select Add.
      3. In the prompt, add the sender's domain followed by the senders IP address. If an email coming from Simulation@Simulation.com was delivered by sender IP of 192.168.0.1, the exception would look like “Simulation.com,192.168.0.1”. Select External and Allow, followed by clicking Add. (Note: There is very likely more than 1 IP sending emails as this address. A domain PTR record may also be used for multiple IP’s.)

      Need Assistance?

      Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.