Hello - we are getting alerts as of about 2 weeks ago, about "Phish emails allowed" in our O365 domain, and wanted to get some input from the experts out there. Here is a copy of one of the 7 alerts received:
Time (UTC -05:00)
Sep 7, 2021 11:25:42 PM
Spam, Phish and Malicious
This alert fires when message containing phish was delivered due to an IP allow policy. -V126.96.36.199By the time this alert was triggered, the following 1 user received Spam, Phish and Malicious mail matching the conditions of your alert policy:firstname.lastname@example.orgThis alert was triggered by theAnti-spam Policy : Connection filter policy
When I try to "View message" it shows me nothing there. So first question is where do I see the IP allow policy, and 2) why is the message gone for each one when I try to see what email tripped it?
Thanks for your help.