If you are using Microsoft O365 Advanced Threat Protection (ATP) within your mail environment, you may experience false clicks and false email attachment opens. For ThreatCop’s emails to function properly, additional rules to bypass Microsoft’s ATP are required.
ATP Link Bypass Rule:
To set up a mail flow rule to bypass ATP link processing:
Give the rule a name such as "Bypass ATP Links" as shown in the above screenshot.
Click More options...
From the Apply this rule if… drop-down menu, select The senders, then select IP address is in any of these ranges or exactly matches.
Enter our IP addresses. You can check the list of IP addresses in this article here.
From the Do the following… drop-down menu, select Modify the message properties... and then set a message header.
Click the first *Enter text... link and set the message header to:
X-MS-Exchange-Organization-SkipSafeLinksProcessing
Click the second *Enter text... link and set the value to:
1
Click Save.
ATP Attachment Bypass Rule
Below are the steps to set up a mail flow rule to bypass ATP Attachment Processing:
Create a new mail flow rule in your Exchange/Office Admin center.
Give the rule a name such as Bypass ATP Attachments.
Click more options.
From the Apply this rule if… drop-down, select The senders, then select IP address is in any of these ranges or exactly matches.
Enter our IP addresses.
From the Do the following… drop-down, select Modify the message properties... and then set a message header.
Click the first *Enter text... link and set the message header to:
X-MS-Exchange-Organization-SkipSafeAttachmentProcessing
Click the second *Enter text... link and set the value to:
1
Click Save.
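The two IP-based rules above can also be created from Exchange Online PowerShell. The following is an added example, not ThreatCop's own script: it assumes the ExchangeOnlineManagement module is installed, and the sender IP ranges are placeholders to be replaced with the addresses from the vendor's list. It ends by listing every rule that sets either skip header so the scope of each bypass can be reviewed.

```powershell
# Added example (not from the vendor). Requires the ExchangeOnlineManagement module.
# Placeholder sender ranges (RFC 5737 documentation addresses): replace them with
# the simulator IP addresses published by the vendor before running.
$SimulatorIps = @('192.0.2.10', '198.51.100.0/28')

# Rule names and header names are the ones given in the steps above.
$Bypass = [ordered]@{
    'Bypass ATP Links'       = 'X-MS-Exchange-Organization-SkipSafeLinksProcessing'
    'Bypass ATP Attachments' = 'X-MS-Exchange-Organization-SkipSafeAttachmentProcessing'
}

Connect-ExchangeOnline   # interactive sign-in as an Exchange administrator

foreach ($name in $Bypass.Keys) {
    # Do not overwrite a rule that an administrator has already created or tuned.
    if (Get-TransportRule -Identity $name -ErrorAction SilentlyContinue) {
        Write-Warning "Rule '$name' already exists; leaving it unchanged."
        continue
    }
    New-TransportRule -Name $name `
        -SenderIpRanges $SimulatorIps `
        -SetHeaderName $Bypass[$name] `
        -SetHeaderValue '1' `
        -Comments 'Phishing-simulation bypass; scoped to simulator IPs only.'
}

# Review step: show every rule that sets either skip header together with its
# conditions, so a rule with no IP range and no header condition stands out.
$SkipHeaders = @($Bypass.Values)
Get-TransportRule |
    Where-Object { $_.SetHeaderName -in $SkipHeaders } |
    Select-Object Name, State, SetHeaderName, SetHeaderValue, SenderIpRanges,
                  HeaderContainsMessageHeader, HeaderContainsWords |
    Format-List
```

Re-run the final `Get-TransportRule` pipeline after any change to the bypass rules to confirm that each one is still limited to the intended senders.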
ATP Link Bypass Rule by Header:
Following are the steps to set up a mail flow rule to bypass ATP link processing by header:
Create a new mail flow rule in your Exchange/Office Admin center.
Give the rule a name such as “Bypass ATP Links”.
Click more options.
From the Apply this rule if… drop-down, select a message header then select include any of these words.
On the right side of the screen you will notice *Enter Text… and *Enter Words…
Click on *Enter Text…, which will open the specify header name window. Type the header name in this window.
Click on *Enter Words…, type Kratikal and click on the + sign.
From the Do the following… drop-down, select Modify the message properties... and then set a message header.
Click the first *Enter text... link and set the message header to:
X-MS-Exchange-Organization-SkipSafeAttachmentProcessing
Click the second *Enter text... link and set the value to:
1
Click Save.
ATP Attachment Bypass Rule by Header:
Create a new mail flow rule in your Exchange/Office Admin center.
Give the rule a name such as “Bypass ATP Links”.
Click more options.
From the Apply this rule if… drop-down, select a message header then select include any of these words.
On the right side of the screen you will notice *Enter Text… and *Enter Words…
Click on *Enter Text…, which will open the specify header name window. Type the header name in this window.
Click on *Enter Words…, type the keyword that is to be found in the header and then click on the + sign.
From the Do the following… drop-down, select Modify the message properties... and then set a message header.
Click the first *Enter text... link and set the message header to:
X-MS-Exchange-Organization-SkipSafeAttachmentProcessing
Click the second *Enter text... link and set the value to:
1
Click Save.