Hello everyone,
I have got a Phishing email go through to the user's inbox.
When going to the phishing email Explorer page on Security Center to get more details on why the email was let through, I found the following:
- Exchange Transport Rule has been applied to this email. I can see the GUID of the rule.
I have checked the following so far:
- Get-TransportRule, nothing found using the GUID or by listing all the rules.
- Safe senders, mail flow rules, or block and allow organizational settings.
- Anti-Spam, Anti-Phishing and other policies that might have a whitelist.
We couldn't find any setting that would allow the email to pass through.
Is there a way to find where and what is this rule by it's GUID only? Or, what policy and configuration allowed this email to pass to the user although it was detected as a phishing email?
Thank you!
Regards,