Microsoft is warning end users and administrators not to bypass the built-in spam filters that ship with Office 365.
The advice comes in a recent document released by the company, which also offers guidance for managing instances where bypassing protocols is unavoidable.
According to the Redmond-headquartered multinational, IT professionals who administer Office 365 should, wherever possible, avoid mail flow rules that bypass scanning and avoid enabling the spam filter's “Allow or Block lists” option. Microsoft also recommends that admins and users of Outlook and the web version of Outlook avoid changing the Safe and Blocked senders settings.
Recommended alternatives for handling spam
Microsoft commented on the potential dangers of altering the original settings in the report, stressing:
"We recommend that you do not use these features because they may override the verdict that is set by Office 365 spam filters."
Rather than bypassing the filters built into Office 365 to deal with unwanted mail, Microsoft suggests that reporting junk emails is the better option. This can be done with the Microsoft Junk Email Reporting Add-in and the Report Message add-in available in Outlook.
This alternative can aid in reducing the quantity and impact of junk mail in the future. All the customer reports submitted will be analysed and used to inform and enhance Microsoft’s cloud-based Exchange Online Protection (EOP), a filtering service for email developed especially to protect companies against both spam and malware attacks.
Spam filters on company inboxes that do not benefit from EOP will be unaffected by junk email reports.
Microsoft outlines the harmful impact of bypassing in its document:
"If you have to set bypassing, you should do this carefully because Microsoft will honour your configuration request and potentially let harmful messages pass through. Additionally, bypassing should be done only on a temporary basis. This is because spam filters can evolve, and verdicts could improve over time."
Steps to take when overriding spam filters
Should users and admins need to bypass the spam filters, Microsoft recommends some precautions. Domains you own should not be placed on the Allow and Block lists, and the same applies to commonly used domains (such as office.com).
Comprehensive guides for best security measures
The Microsoft documentation site itemises a definitive list of security best practices for Office 365, which the company describes as measures engineered to "minimise the potential of a data breach or a compromised account."
In May, the US-based organisation CISA (Cybersecurity and Infrastructure Agency) released its own guide of best practices to help companies reduce the risk of attack and avoid vulnerabilities, specifically when migrating email services over to Microsoft 365.
If your business makes use of Microsoft Office 365 in its daily workflow, you can contact our specialist team at WM Reply for support and advice. We are experts in employing Microsoft technology to supply solutions and enhance the collaborative capacity of organisations.