How to View O365's Global Exchange Online Protection Quarantining Excel Files
The Office 365 Global Exchange Online Protection (EOP) recognizes .xlsx files as malware. This may sometimes affect deliverability of phishing templates with Excel file attachments in KnowBe4's simulated phishing tests.
The result is that Global EOP quarantines the email before it can get to the Malware filter or user-accessible quarantine.
To see this Global EOP quarantine action being applied to these emails, you can view the Office 365 Message Trace area. To do so, follow the steps below.
- Login to your Office 365 Exchange admin center.
- Click on "mail flow", then "message trace".
- While in the "message trace" area, you can search for a specific message by variables such as the sender, recipient, and/or date range.
- In the list that follows, you'll see the phishing test emails with an Excel attachment as "Quarantined".
This is not the same quarantine that Exchange admins have access to under the "protection" area of the Exchange admin center.
- When you open that message, you'll see that Office 365 recognized the Excel file as malware and deleted the attachment.