Microsoft's email security systems may visit the links contained in emails you send. Because this can also affect the delivery of the Quarantine Report, the workarounds below describe how to handle it.
Microsoft 365 Defender Plan 1
- Go to Exchange admin center → https://admin.exchange.microsoft.com
- Follow this path: Mail Flow → Rules → Add a rule → Create a new rule
- The wizard will open:
  - Name: <assign any name>
  - Apply this rule if: The sender → IP address is in any of these ranges or exactly matches → add the ranges below and finish with Save
    - 185.140.204.0/22
    - 173.45.18.0/24
    - 94.100.128.0/20
    - 83.246.65.0/24
  - Do the following: Modify the message properties → set a message header →
    - Next to Set the message header, click on Enter text and add → X-MS-Exchange-Organization-SkipSafeLinksProcessing
    - Next to the value, click on Enter text and add → 1
  - Click on Next
  - Keep options by default and click on Next again
  - Click on Finish
- Once created, the rule must be enabled. To do that, click on the rule and then click on the toggle under Enable or disable rule
Customers using Canadian MXs must additionally enter the following IP ranges:
- 108.163.133.224/27
- 199.27.221.64/27
- 209.172.38.64/27
- 216.46.2.48/29
- 216.46.11.224/27
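
The Plan 1 rule above can also be created from Exchange Online PowerShell and then checked against the ranges listed on this page. The script is an added example, not vendor or Microsoft code; the rule name and the -CanadianMx switch are assumptions.

```powershell
# Added example (not vendor or Microsoft code). Needs the ExchangeOnlineManagement
# module and a role that can manage mail flow rules.
param(
    [string]$RuleName = 'Skip Safe Links for Quarantine Report',  # assumed rule name
    [switch]$CanadianMx                                           # assumed switch
)

# Sender IP ranges exactly as listed on this page.
$ranges = @('185.140.204.0/22', '173.45.18.0/24', '94.100.128.0/20', '83.246.65.0/24')
if ($CanadianMx) {
    $ranges += '108.163.133.224/27', '199.27.221.64/27', '209.172.38.64/27',
               '216.46.2.48/29', '216.46.11.224/27'
}
$headerName = 'X-MS-Exchange-Organization-SkipSafeLinksProcessing'

Connect-ExchangeOnline -ShowBanner:$false

# Create the rule only if no rule with this name exists yet.
$rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if (-not $rule) {
    New-TransportRule -Name $RuleName -SenderIpRanges $ranges `
        -SetHeaderName $headerName -SetHeaderValue '1' -Enabled $true | Out-Null
    $rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
}

# The rule makes matching mail skip Safe Links processing, so confirm it is
# scoped to the listed ranges and nothing else.
$actual  = @($rule.SenderIpRanges | ForEach-Object { "$_" })
$missing = @($ranges | Where-Object { $_ -notin $actual })
$extra   = @($actual | Where-Object { $_ -notin $ranges })

$problems = @()
if ($missing) { $problems += "missing ranges: $($missing -join ', ')" }
if ($extra)   { $problems += "unexpected ranges: $($extra -join ', ')" }
if ($rule.SetHeaderName -ne $headerName -or $rule.SetHeaderValue -ne '1') {
    $problems += 'header name or value differs'
}
if ($rule.State -ne 'Enabled') { $problems += 'rule is disabled' }

if ($problems) {
    $problems | ForEach-Object { Write-Warning "$RuleName : $_" }
} else {
    Write-Output "$RuleName is enabled and matches the expected configuration."
}
```

Re-running the script against an existing rule changes nothing and only reports whether the rule still matches the expected ranges, header and state.
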
Microsoft 365 Defender Plan 2
- Go to Microsoft Defender → https://security.microsoft.com/
- Follow this path: Email & collaboration → Policies & rules → Threat policies → Safe links → Create
- The wizard will open:
  - Enter the name of the new policy in the Name field
  - Click on Next
  - Enter the customer’s domain in the Domains field
  - Click on Next
  - In URL & click protection settings, configure the desired settings
  - Click on Manage 0 URLs
  - In the flyout, click on Add URLs and add the following domains:
    - cp1.cloud-security.net/*
    - cp.hornetsecurity.com/*
  - Click on Save
  - Click on Done
  - URL & click protection settings is displayed again. Click on Next
  - In Notification, select the desired setting
  - Click on Submit
  - Click on Done
- Once the previous configuration is completed, ensure that the rule has the appropriate priority.
If the Quarantine Report contains a custom URL, use that instead of cp.hornetsecurity.com/*