This admin procedure will provide background information on submitting a misclassified email to Microsoft for whitelisting remediation.
This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.
Submissions
The submissions portal in Microsoft 365 Defender is a feature that allows IT Admins to report and track malicious items such as emails, email attachments, URLs, and messages reported by end-users. Additionally, if your email investigation analysis has pointed you in the direction of a false positive, submissions can be utilized to create an email allowance for the specified user or domain on a case-by-case basis.
Procedure Scope: Administrators
Required Group Membership: Admin.EmailSecurity
Allowing a Held Outbound Email
- Navigate to Email Quarantine – O365 Defender, locate the held email that has been held from going outbound. Selecting the email will generate a pop-up that will have all the details of the hold, select the Three Dots followed by Submit for Review. This mail hold should only be produced from outbound mail that includes malicious attachments, links, or spam qualities; these types of messages shouldn’t be in mail flow to begin with especially going towards partner organizations.
- You will be Submitting the email to Microsoft for Analysis; this will allow you to remediate the hold that is taking place on the trusted email. You will specify the Submission Type which for this case will be Email. You will need to add the contents of the email for analysis or add the email network ID so that Microsoft can reference them. Lastly, you will need to specify the issue with the emails; either it was a false positive, or it was a false negative. You will select Allow Emails with Similar Attributed to allow the sender of the mail, you will also need to specify the duration of the allowance. Select Submit to proceed to finalize the Allowance process.
- A confirmation pop-up will be displayed showing that the email was successfully submitted. Upon submission the Sender should now be allowed to send the original and any subsequent messages without issue.
You're Finished!
You should have successfully submitted the email message for approval from Microsoft, creating a whitelist allowance for the sender for a 30-day period. For any other problems or questions, reach out to us!