LoFP LoFP / o365

o365 rule

TitleTags
a dlp policy may be removed by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
a malware filter policy may be deleted by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
a malware filter rule may be deleted by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
a new role may be assigned to a management group by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
a new transport rule may be created by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
a safe attachment rule may be disabled by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
a transport rule may be modified by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
a user sending emails using personal distribution folders may trigger the event.
an anti-phishing policy may be deleted by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
an anti-phishing rule may be deleted by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
assignment of rights to a service account.
automated processes that attempt to authenticate using expired credentials and unbounded retries may lead to false positives.
benign files can trigger signatures in the built-in virus protection
custom applications may be allowed by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
disabling a dkim configuration may be done by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
disabling safe links may be done by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
false positives may occur when users are using a vpn or when users are traveling to different locations for legitimate purposes.
if cloud app security identifies, for example, a high rate of file uploads or file deletion activities it may represent an adverse encryption process.
legitimate allowlisting of noisy accounts
legitimate files reported by the users
teams external access may be enabled by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
teams guest access may be enabled by a system or network administrator. verify that the configuration change was expected. exceptions can be added to this rule to filter expected behavior.
unknown
user using a new mail client.
user using a vpn may lead to false positives.
users and administrators can create inbox rules for legitimate purposes. verify if it complies with the company policy and done with the user's consent. exceptions can be added to this rule to filter expected behavior.
users or system administrator cleaning out folders.