![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 76%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI8%3C/text%3E%3C/svg%3E)
Exchange Online
A Microsoft email and calendaring hosted service.
6,204 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 20%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
It looks like you're interested in understanding how to create a default alert for "Phish delivered due to ETR override" in Microsoft Defender. Here's a brief overview of the process:
- Understanding ETR Override: Exchange Transport Rules (ETR) are used to apply specific actions to messages as they pass through the transport pipeline. An ETR override can allow a phishing email to be delivered despite other security measures
- Creating the Alert:
- Navigate to Microsoft Defender: Go to the Microsoft 365 Defender portal.
- Create a New Alert Policy: Under the "Alerts" section, create a new alert policy.
- Define Conditions: Set the conditions to trigger an alert when a phishing email is delivered due to an ETR override. You can specify the criteria based on the message properties and the actions taken by the ETR.