Microsoft Defender 365 - Custom Anti-spam outbound policy

Maarten BOONEN 0 Reputation points
2023-07-11T11:12:31.9833333+00:00

Hi Everyone,

I'm configuring the outbound anti-spam policy to set a daily and hourly sending limit to send mails externally by accounts. This is a recommendation from Secure Score.

  • External limit per hour 500
  • Daily limit 1000

This works perfectly and our admins are notified when the threshold is met.

Now I created a custom policy that allows you to add an exclusion group. The rule includes everyone sending mails from the allowed domains (got from Exchanges) and Exclude a Group.

It turns out you can only use M365 groups, mail-enabled groups or distribution lists. Normal Azure AD security groups are not resolved. In my case we created a security group on-prem, made it mail-enabled and synced it to Azure.

For some reason the users in the group are being ignored when the threshold is met. Meaning that the exclusion group is not read(?)

Any ideas or suggestions on how to have the exclusion work with a group would be welcome.

Thanks,

Regards,
Maarten

1 answer

  1. Vasil Michev 106.1K Reputation points MVP
    2023-07-13T06:56:28.6066667+00:00

    "Pure" Azure AD security groups are not valid Exchange recipients, so they cannot be used here. They are not even synchronized to Exchange's directory, at least not in a way we (as customers) can leverage them. Use a mail-enabled security group instead.
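
A read-only check for the situation discussed in this thread, added here as an example and not part of the original question or answer: it reads the custom outbound rule, then tests whether each exclusion group resolves as an Exchange recipient and lists the members Exchange sees. It assumes an Exchange Online PowerShell session is already connected (`Connect-ExchangeOnline`); the rule name is a placeholder.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is loaded and
# Connect-ExchangeOnline has already been run. Nothing here changes configuration.
$ruleName = '<custom outbound rule name>'   # placeholder, replace with your rule

$rule   = Get-HostedOutboundSpamFilterRule -Identity $ruleName
$policy = Get-HostedOutboundSpamFilterPolicy -Identity $rule.HostedOutboundSpamFilterPolicy

# Limits and threshold action applied to senders who are not excluded
$policy | Format-List Name, RecipientLimitExternalPerHour, RecipientLimitPerDay, ActionWhenThresholdReached

# Scope of the rule: included sender domains and the exclusion groups
$rule | Format-List Name, State, Priority, SenderDomainIs, ExceptIfFromMemberOf

foreach ($group in $rule.ExceptIfFromMemberOf) {
    # A group that is not an Exchange recipient cannot be matched by the exclusion
    $recipient = Get-Recipient -Identity $group -ErrorAction SilentlyContinue
    if (-not $recipient) {
        Write-Warning "'$group' does not resolve to an Exchange recipient."
        continue
    }

    # Microsoft 365 groups and distribution/mail-enabled security groups
    # expose their membership through different cmdlets
    if ($recipient.RecipientTypeDetails -eq 'GroupMailbox') {
        $members = Get-UnifiedGroupLinks -Identity $recipient.DistinguishedName `
                       -LinkType Members -ResultSize Unlimited
    } else {
        $members = Get-DistributionGroupMember -Identity $recipient.DistinguishedName `
                       -ResultSize Unlimited
    }

    [pscustomobject]@{
        Group       = $recipient.DisplayName
        Type        = $recipient.RecipientTypeDetails
        SmtpAddress = $recipient.PrimarySmtpAddress
        MemberCount = @($members).Count
    }

    # Member type is shown so nested groups stand out from user mailboxes
    $members | Select-Object DisplayName, PrimarySmtpAddress, RecipientTypeDetails
}
```

An empty member list, or an on-premises member missing from the output, means the membership Exchange Online holds for the group differs from what was configured on-prem.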

