MC265759: Microsoft Defender for Office 365: Extending Secure by Default for Exchange Transport Rules (ETRs)

Microsoft believes it’s critical to keep our customers secure by default. We have determined that legacy overrides tend to be too broad and cause more harm than good. As a security service, we believe it’s imperative that we act on your behalf to prevent your users from being compromised. This means these legacy overrides will no longer be honored for email messages we believe are malicious. We already apply this approach with malware messages and now we have extended it to messages with high confidence phish verdicts. We have been taking a very deliberate approach to rolling out these changes in phases to ensure customers are not surprised and there are no negative side effects. We began to roll out Secure by Default for high confidence phishing messages by the override type starting in December 2020 (Roadmap ID 60827).

Today, we’re at a point in our Secure by Default journey where the following overrides are not honored for malicious emails (malware or high confidence phish emails):

  • Allowed sender lists or allowed domain lists (anti-spam policies)
  • Outlook Safe Senders
  • IP Allow List (connection filtering)

We are now extending Secure by Default to cover high confidence phishing messages for the remaining legacy override type, Exchange mail flow rules (also known as transport rules or ETRs).

Affected Workloads

  • Exchange Online

Key Points

  • Timing: We will begin rolling out Secure by Default for ETRs starting at the end of August (previously early August) and complete rollout by end of October (previously the end of September).
  • Action: Review and assess impact.

How this will affect your organization

After the last phase of Secure by Default is enabled in August for ETRs, Defender for Office 365:

  • Will no longer deliver messages with a high confidence phish verdict, regardless of any explicit ETRs. These messages will be quarantined. ETRs will still continue to bypass spam and normal confidence phish verdicts as this was the original intent of setting SCL-1.
  • Will no longer recommend using ETRs to configure third-party phishing simulations or Security Operations mailbox message delivery.
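To assess impact, the rules to look at are the ones that set SCL to -1. The following is an added example, not part of the original notice: `Find-SclBypassRule` is a hypothetical helper name, the sample rules are constructed, and the property names (`SetSCL`, `SenderIpRanges`, `SenderDomainIs`, `From`, `HeaderContainsMessageHeader`) are those returned by `Get-TransportRule`.

```powershell
# Added example: flag mail flow rules that set SCL to -1 (spam filtering bypass).
# Live use (requires the ExchangeOnlineManagement module and an admin session):
#   Connect-ExchangeOnline; Get-TransportRule | Find-SclBypassRule

function Find-SclBypassRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Rule
    )
    process {
        # SetSCL -1 is the bypass action the notice refers to; compare as a
        # string so the check works whether the value arrives as int or text.
        if ("$($Rule.SetSCL)" -ne '-1') { return }

        # Collect whichever sender-side conditions scope the rule.
        $scope = foreach ($p in 'SenderIpRanges', 'SenderDomainIs', 'From',
                                'HeaderContainsMessageHeader') {
            $v = $Rule.$p
            if ($v) { '{0}={1}' -f $p, ($v -join ',') }
        }

        [pscustomobject]@{
            Name     = $Rule.Name
            State    = $Rule.State
            Priority = $Rule.Priority
            Scope    = if ($scope) { $scope -join '; ' } else { '(no sender condition found)' }
        }
    }
}

# Constructed sample objects standing in for Get-TransportRule output.
$sample = @(
    [pscustomobject]@{ Name = 'Phish simulation vendor'; State = 'Enabled'; Priority = 0
                       SetSCL = -1; SenderIpRanges = @('192.0.2.10', '192.0.2.11') }
    [pscustomobject]@{ Name = 'Partner allow'; State = 'Enabled'; Priority = 1
                       SetSCL = -1; SenderDomainIs = @('partner.example') }
    [pscustomobject]@{ Name = 'Add disclaimer'; State = 'Enabled'; Priority = 2
                       SetSCL = $null }
)

# Lists the first two sample rules; the disclaimer rule sets no SCL and is skipped.
$sample | Find-SclBypassRule | Format-Table -AutoSize
```

Rules in this list that exist for third-party phishing simulations or security operations mailboxes are the ones to move to the Advanced Delivery policy.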

What you need to do to prepare

If you are currently using Exchange mail flow rules (also known as transport rules or ETRs) to configure your third-party phishing simulation campaigns or delivery for security operation mailboxes, you should begin to configure these with the new Advanced Delivery policy when the feature is launched in July (Roadmap ID 72207). For more information, please refer to message center post MC256473.

Administrators should also use the submission portal to report messages whenever they believe a message has the wrong verdict so that the filter can improve organically. We are further improving this experience with the integration of the Tenant Allow/Block List (TABL) in the Admin submission portal. With this update, you will be able to override filtering verdicts and allow similar messages while your submission is being reviewed. Please see message center post MC267137 to learn more.

Note: If your organization has compliance requirements that make it necessary to opt out of this change, that requirement is met by Microsoft Defender for Office 365 continuing to honor the ETR when your MX record points away from us (that is, not to O365).

Learn more

Message ID: MC265759
Published: 30 June 2021
Updated: 30 September 2021
Effective: August 23, 2021

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.
