Link to home
Get AccessLog in
Avatar of Pal Experts
Pal ExpertsFlag for Belgium

asked on

Office 365 alert notiification

Hello


Recently, we have this from Microsoft.


An informational alert has been triggered


Phish delivered due to an IP allow policy 



Subject: "Phish delivered due to an IP allow policy"
severity: "Informative"
Activity: "Protection"
details:  "1 message hit on xxxxxx-xxxxxx-x, sent by some.user@company.com to some.user@company.com at time month/date/year time."

Open in new window



We did not create any mail flow rule as to have such an email.


What do you think?


Thank you



Avatar of Member_2_8330475
Member_2_8330475
Flag of United States of America image

It's legit.  Microsoft is moving rules from Mail Flow to Microsoft Purview.

You should see a banner notice on the web page when you look at your mail flow rules.

as for the error, it is a valid message:

https://learn.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide
Avatar of Pal Experts

ASKER

Thank you JIm

I have this in the details " This alert fires when message containing phish was delivered due to an IP allow policy. -V1.0.0.3
By the time this alert was triggered, the following 1 user received Phish and Malicious mail matching the conditions of your alert policy:"

How it comes that such an email contains phishing is delivered.  I can see now the alert policy but why the message was delivered

Can you please add more details...

Thank you

as per the rest of the message 

it was delivered because of an ip allow policy.i.e. Microsoft believed that the email fits its rules for a phishing email but you have an allow it with a warning from these ip addresses.

Thank you David..

But where  I can find that rule and these IP addresses

I did not create any policy related to an IP addresses. This is happening recently and suddenly

Can you please add more details...

Thank you
ASKER CERTIFIED SOLUTION
Avatar of Pal Experts
Pal Experts
Flag of Belgium image

Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access