EOP how to restore an user if a false positive activate the phishing user block

Marc 631 Reputation points

During an EOP mail flow test I sent various emails using the same user. The EOP phishing system (configured at 1) blocked the user thinking we were in a phisching regime.
I have noticed that in this scenario there are no direct actions to unblock the user.
I have also noticed the "add trasted sender" option in phishing doesn't work at all. Although the user is added is not permanently saved. In fact, once I go out of the rule and returning back, the user is gone (he is no longer present).
Is there a way to fix this strange behavior?


Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,373 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Marc 631 Reputation points

    Unfortunately, I couldn't find a solution.

    If the anti-phishing blocks a user thinking mistakenly that there is a phishing activity, how can we revert back this error?
    This is relevant because in that case the user emails will be moved every-time to quarantine.
    Hopefully someone can help.

    0 comments No comments

  2. KyleXu-MSFT 26,241 Reputation points


    The anti-spam policies and anti-phishing policies takes effect after the transport rule. So, you could try to use transport rule to allow this user bypass spam filter, such as:

    About the phenomenon that you cannot save the trusted user, I would suggest you open a service request to Office 365 team from Microsoft 365 admin center, they may could help you check the confirmation from the backend.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.