Hi @Alex Rechs ,
Great to know that the issue has already been resolved and thanks for sharing the solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer : )
[The message properties or headers are not detected by Transport Rule.]
Goal:
Notify an admin if an important mail got quarantined or moved to spam without whitelisting an e-mail address.
Resolution:
The way is to use the Advanced Hunting API to detect threats in mails (regardless of their delivery location).
```
EmailEvents
| where SenderFromAddress == '$($senderAddress)'
| where ThreatTypes has 'Spam' or ThreatTypes has 'Phish' or ThreatTypes has 'Malware' or ThreatTypes has 'Unknown'
| summarize Total = count() by SenderFromAddress
```
Using the KQL snippet above in PowerShell, you can query $senderAddress from a CSV or SQL database or even directly from Get-HostedContentFilterPolicy (Antispam policy).
If the result is positive (not null), you can send a notification to an admin via email or Teams.
Regards
Shaofan
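
The approach described in the answer above, as an added PowerShell example that is not part of the original post: it runs the hunting query per sender through the Microsoft Graph `runHuntingQuery` endpoint and posts any hits to a webhook. The tenant and app IDs, `senders.csv` with its `Address` column, the one-hour window, the `DeliveryLocation` breakdown and the webhook payload shape are assumptions. Because the address is interpolated into a KQL string literal, it is validated first.

```powershell
# Added example: all IDs, secrets, file names and URLs below are placeholders.
$tenantId   = '<tenant-id>'
$clientId   = '<app-client-id>'
$secret     = $env:HUNTING_APP_SECRET          # keep the secret out of the script
$webhookUrl = '<teams-webhook-url>'            # assumed to accept a {"text": "..."} payload

# App-only token for Microsoft Graph (the app needs ThreatHunting.Read.All).
$token = (Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" `
    -Body @{ grant_type = 'client_credentials'; client_id = $clientId
             client_secret = $secret; scope = 'https://graph.microsoft.com/.default' }).access_token

# senders.csv is a constructed input with a single column named Address.
foreach ($row in Import-Csv -Path '.\senders.csv') {
    $senderAddress = $row.Address.Trim().ToLowerInvariant()

    # The address ends up inside a KQL string literal, so reject anything that
    # is not a plain address (quotes, pipes, whitespace) before building the query.
    if ($senderAddress -notmatch '^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$') {
        Write-Warning "Skipping invalid sender address: $senderAddress"
        continue
    }

    # Assumed one-hour window, matching an hourly scheduled run.
    $query = @"
EmailEvents
| where Timestamp > ago(1h)
| where SenderFromAddress =~ '$senderAddress'
| where ThreatTypes has_any ('Spam', 'Phish', 'Malware', 'Unknown')
| summarize Total = count() by SenderFromAddress, DeliveryLocation
"@

    $response = Invoke-RestMethod -Method Post `
        -Uri 'https://graph.microsoft.com/v1.0/security/runHuntingQuery' `
        -Headers @{ Authorization = "Bearer $token" } `
        -ContentType 'application/json' `
        -Body (@{ Query = $query } | ConvertTo-Json)

    # An empty result set means nothing from this sender was flagged in the window.
    foreach ($hit in $response.results) {
        $text = "$($hit.Total) flagged mail(s) from $($hit.SenderFromAddress), delivered to: $($hit.DeliveryLocation)"
        Invoke-RestMethod -Method Post -Uri $webhookUrl -ContentType 'application/json' `
            -Body (@{ text = $text } | ConvertTo-Json)
    }
}
```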