Defender for Office365 Changes in Anti-Malware Notifications

Hi All,

There has been a change in the Defender for Office 365 Anti-Malware Policy notifications.
Summary: internal and external Notifications are gone and Action is changed only to "Quarantine" or "Reject" (with NDR).

Not much to see on the M365 Roadmap


But there are more Details in the M365 Admin Portal in Message Center


In the M365 Defender Portal you can review the Settings

Internal- and ExternalSendernotifcations are gone. Only two Settings are available



The Parameters "Action", "EnableInternalSenderNotifications", "EnableExternalSenderNotifications" are gone.
Notifications can only be sent to the Admin if you want.

The Parameter "Action" has been replaced with "FileTypeAction" with value of "Quarantine" or "Reject"

  • Quarantine: Quarantine the message. Whether or not the recipient is notified depends on the quarantine notification settings in the quarantine policy that's selected for the policy by the QuarantineTag parameter.
  • Reject: This is the default action. The message is rejected in a non-delivery report (also known as an NDR or bounce message) to the sender. The message is not available in quarantine.
Set-MalwareFilterPolicy
https://docs.microsoft.com/en-us/powershell/module/exchange/set-malwarefilterpolicy?view=exchange-ps


When "Recject" has been choosen. The NDR looks like this


A more detailed Information can be found more down in the Mail

550 5.0.350 One or more of the attachments in your email is of a file type that is NOT allowed by the recipient's organization.



Regards
Andres Bohren