Microsoft Defender for Office 365 - Bypass Rules

If you are using Advanced Threat Protection (ATP) and have encountered incorrectly recorded clicks or attachment openings, it is because the ATP rules for link processing and attachment processing intercept them. With additional mail flow rules, you can bypass ATP processing of links and attachments based on IT-Seal's IP address, 84.16.227.187.

 

If you use other mail filters in front of your Microsoft mail server, it is possible that our IP address is not correctly passed on to the ATP system. In this case we recommend whitelisting based on the email header.

ATP-Link-Bypass-Rule

  1. Create a new mail flow rule in your Exchange/Office Admin Center.
  2. Give the rule a name, e.g. "ATP-SafeLinks-Bypass".
  3. Click on "More options...".
  4. In the drop-down menu "Apply this rule if..." select the option "The senders" and then select "IP address is in one of these ranges or matches exactly".
    1. Insert the IT-Seal IP address here.
  5. Select "Change message properties..." in the drop-down menu under the item "Proceed as follows...". Then click on "Set message header".
    1. Another window appears with additional options. Enter "X-MS-Exchange-Organization-SkipSafeLinksProcessing" for the first field and "1" for the second field.
  6. Click on "Save".

ATP-Attachment-Bypass-Rule

  1. Create a new mail flow rule in your Exchange/Office Admin Center.
  2. Give the rule a name, e.g. "ATP-SafeAttachments-Bypass".
  3. Click on "More options...".
  4. In the drop-down menu "Apply this rule if...", select the option "The senders" and then select "IP address is in one of these ranges or matches exactly".
    1. Insert the IT-Seal IP address here. 
  5. Select "Change message properties..." in the drop-down menu under the item "Proceed as follows...". Then click on "Set message header".
    1. Another window appears with additional options. Enter "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing" for the first field and "1" for the second field.
  6. Click on "Save". 

ATP-Link-Bypass-Rule by Header

  1. Create a new mail flow rule in your Exchange/Office Admin Center.
  2. Give the rule a name, e.g. "ATP-SafeLinks-Bypass".
  3. Click on "More options...".
  4. In the drop-down menu "Apply this rule if...", select the option "A message header" and then select "Contains one of these words".
    1. On the right-hand side of this rule you will see a box with "Enter text..." and "Enter words...". Click on "Enter text..." to open the Set Header Name window.  
    2. In this window, insert the appropriate X-header from IT-Seal provided by your awareness contact.
  5. Click on "Enter words..." and enter "IT-Seal" and click on the "+" symbol. 
  6. In the drop-down menu, under the item "Proceed as follows...", select the item "Change message properties...". Then click on "Set message header".
    1. Another window appears with additional options. Enter "X-MS-Exchange-Organization-SkipSafeLinksProcessing" for the first field and "1" for the second field.
  7. Click on "Save".

ATP-Attachment-Bypass-Rule by Header

  1. Create a new mail flow rule in your Exchange/Office Admin Center.
  2. Give the rule a name, e.g. "ATP-SafeLinks-Bypass".
  3. Click on "More options...".
  4. In the drop-down menu "Apply this rule if...", select the option "A message header" and then select "Contains one of these words".
    1. On the right-hand side of this rule you will see a box with "Enter text..." and "Enter words...". Click on "Enter text..." to open the Set Header Name window.  
    2. In this window, insert the appropriate X-header from IT-Seal provided by your awareness contact.
  5. Click on "Enter words..." and enter "IT-Seal" and click on the "+" symbol. 
  6. In the drop-down menu, under the item "Proceed as follows...", select the item "Change message properties...". Then click on "Set message header".
    1. Another window appears with additional options. Enter "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing" for the first field and "1" for the second field.
  7. Click on "Save".
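
The two IP-based rules described above, expressed as Exchange Online PowerShell and followed by an audit of every rule that sets one of the skip headers. This is an added example, not IT-Seal's or Microsoft's own script; it assumes the ExchangeOnlineManagement module and an open Connect-ExchangeOnline session, and the variable names and comment text are illustrative.

```powershell
# Added example. Assumes an open Exchange Online session (Connect-ExchangeOnline)
# with permission to manage transport (mail flow) rules.

$SenderIp = '84.16.227.187'   # IT-Seal IP address as stated on this page

# One rule per skip header; rule names follow the examples in the steps above.
$Rules = @(
    @{ Name   = 'ATP-SafeLinks-Bypass'
       Header = 'X-MS-Exchange-Organization-SkipSafeLinksProcessing' },
    @{ Name   = 'ATP-SafeAttachments-Bypass'
       Header = 'X-MS-Exchange-Organization-SkipSafeAttachmentProcessing' }
)

foreach ($r in $Rules) {
    # Do not create a duplicate if a rule with this name already exists.
    if (Get-TransportRule -Identity $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$($r.Name)' already exists, skipping."
        continue
    }
    $params = @{
        Name           = $r.Name
        SenderIpRanges = $SenderIp     # condition: sender IP matches exactly
        SetHeaderName  = $r.Header     # action: set message header ...
        SetHeaderValue = '1'           # ... to the value "1"
        Comments       = 'Phishing simulation bypass scoped to one sender IP'
    }
    New-TransportRule @params
}

# Audit: show every rule that sets a skip header together with its conditions.
# A rule with an empty SenderIpRanges depends on a header match alone, which
# any sender able to set that header satisfies, so review those entries first.
$SkipHeaders = $Rules | ForEach-Object { $_.Header }

Get-TransportRule |
    Where-Object { $_.SetHeaderName -in $SkipHeaders } |
    Select-Object Name, State, SetHeaderName, SetHeaderValue,
                  SenderIpRanges, HeaderContainsMessageHeader, HeaderContainsWords |
    Format-List
```

Running only the audit portion on a schedule gives a record of which bypass rules exist and how narrowly each one is scoped.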