As an extra security level, I’ve installed the Cisco CMD solution and set up the journaling to send emails to be malware/spam checked. All working fine and as expected.
There is an impact on receiving our cyber testing emails though.
There is a potentially huge issue with this solution, in that we can whitelist emails (IP / Domain) in Office 365 to be allowed through to end users to ensure training and testing is received. But all emails get journaled to Cisco and it seems that CMD will simply block the content because it sees the content as having so many pointers that are phishing / malware.
I’ve been in touch with Microsoft to see if there is a way of stopping emails going to the journal (and therefore CMD) if they come from specific IPs or Domains. Their rules engine can only redirect emails to specific users – rather than to the original recipient:
- If I send an email to firstname.lastname@example.org, I wanted the rule to redirect it, therefore avoiding journaling, still to email@example.com
Have you come across any way of configuring Cisco CMD for whitelisting, or stopping emails going to the journal in Office 365, or suchlike?