Microsoft 365 Defender
      Back to home
      1. Sittadel Knowledge Base
      2. Microsoft Knowledge Hub
      3. Microsoft 365 Defender

      O365 Email Policy Spoofed Sender Allowance Work Instruction

      This work instruction will allow an administrator to create an allowance for a domain that was falsely quarantined due to policy.

      This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

      Procedure Scope: Administrators

      Required Group Membership: Admin.EmailSecurity

      1. Locate a spam/phishing quarantined message; upon investigation you should locate the Email Details and ensure the sender is legitimate. Take note of the sender domain and IP address.
      2. Navigate to Spoofed Senders – O365 Defender, select Add.
      3. In the prompt, add the sender's domain followed by the senders IP address. If an email coming from Simulation@Simulation.com was delivered by sender IP of 192.168.0.1, the exception would look like “Simulation.com,192.168.0.1”. Select External and Allow, followed by clicking Add. (Note: There is very likely more than 1 IP sending emails as this address. A domain PTR record may also be used for multiple IP’s.)

      You're Finished!

      You should have successfully added the domain to be whitelisted for inbound email, the emails will still be quarantined if they trigger anti-malware, safe attachments, or safe links polciies. For any other problems or questions, reach out to us!