"Pure" Azure AD security groups are not valid Exchange recipients, so they cannot be used here. They are not even synchronized to Exchange's directory, at least not in a way we (as customers) can leverage them. Use a mail-enabled security group instead.
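One way to check what the answer above describes, as an added example that is not part of the original thread: list every outbound spam rule, then test whether each exclusion group resolves as an Exchange recipient and who Exchange sees as its members. It assumes the ExchangeOnlineManagement module with an existing `Connect-ExchangeOnline` session; the `$groupTypes` list is an assumption that mirrors the group kinds named in the question.

```powershell
# Added example, read-only: it queries the tenant and changes nothing.
# Assumes an existing Connect-ExchangeOnline session.

# Assumption: recipient types treated here as usable exclusion groups
# (mail-enabled security groups, distribution lists, Microsoft 365 groups).
$groupTypes = 'MailUniversalSecurityGroup', 'MailUniversalDistributionGroup',
              'MailNonUniversalGroup', 'GroupMailbox'

foreach ($rule in Get-HostedOutboundSpamFilterRule) {
    $policy = Get-HostedOutboundSpamFilterPolicy -Identity $rule.HostedOutboundSpamFilterPolicy
    "Rule '{0}' (state {1}, priority {2}) -> policy '{3}'" -f `
        $rule.Name, $rule.State, $rule.Priority, $policy.Name
    "  limits: external/hour={0} daily={1} action={2}" -f `
        $policy.RecipientLimitExternalPerHour, $policy.RecipientLimitPerDay,
        $policy.ActionWhenThresholdReached

    foreach ($group in $rule.ExceptIfFromMemberOf) {
        # A pure Azure AD security group does not resolve here at all.
        $r = Get-Recipient -Identity $group -ErrorAction SilentlyContinue
        if (-not $r) {
            "  exception '$group': not an Exchange recipient"
            continue
        }
        $usable = $groupTypes -contains "$($r.RecipientTypeDetails)"
        "  exception '{0}': {1} <{2}> usable={3}" -f `
            $group, $r.RecipientTypeDetails, $r.PrimarySmtpAddress, $usable

        # Membership as Exchange sees it, which can lag behind the
        # on-premises group until directory sync has run.
        $members = if ("$($r.RecipientTypeDetails)" -eq 'GroupMailbox') {
            Get-UnifiedGroupLinks -Identity $r.PrimarySmtpAddress -LinkType Members -ResultSize Unlimited
        } else {
            Get-DistributionGroupMember -Identity $r.PrimarySmtpAddress -ResultSize Unlimited
        }
        $members | ForEach-Object {
            "    member: {0} ({1})" -f $_.PrimarySmtpAddress, $_.RecipientTypeDetails
        }
    }
}
```

A member listed with a group recipient type is a nested group, so its own members are not shown by this listing.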
Microsoft Defender 365 - Custom Anti-spam outbound policy
Hi Everyone,
I'm configuring the outbound anti-spam policy to set a daily and hourly sending limit to send mails externally by accounts. This is a recommendation from Secure Score.
- External limit per hour 500
- Daily limit 1000
This works perfectly and our admins are notified when the threshold is met.
Now I created a custom policy that allows you to add an exclusion group. The rule includes everyone sending mails from the allowed domains (got from Exchange) and excludes a group.
It turns out you can only use M365 groups, mail-enabled groups or distribution lists. Normal Azure AD security groups are not resolved. In my case we created a security group on-prem, made it mail-enabled and synced it to Azure.
For some reason the users in the group are being ignored when the threshold is met. Meaning that the exclusion group is not read(?)
Any ideas or suggestions on how to have the exclusion work with a group would be welcome.
Thanks,
Regards,
Maarten