Informational-severity alert: Phish delivered due to an IP allow policy
Informational-severity alert: Phish delivered due to an IP allow policy
An informational alert has been triggered
⚠ Phish delivered due to an IP allow policy
Severity: ● Informational
As an admin you may be receiving notifications from office 365 like this while using Mimecast. This can potentially be a warning that your Mimecast is not configured optimally. Microsoft is telling you that phishing was allowed due to an IP allow policy. They are referring to the Mimecast connector that you set up during implementation which allows mail from Mimecast to be delivered to your 365 tenant.
There could be a number of configurations that need to be considered when troubleshooting these emails but the first step is to go to message tracking and find the message in question. You should take interest in the the received view transmission event which will tell you if the email was allowed through via a permit sender. You should also observe the analysis section to see the spam score results and processing details which could reveal more information as to why the email was not stopped by Mimecast. Another easy thing to check is the header to investigate if the email was sent using an impersonated display name. If you come to the conclusion that this email should have been stopped by Mimecast or that similar future emails need to be stopped, you must create policy which targets them.
For example, you may find that the only flag Mimecast registered a spam score but it was not stopped because you are using a relaxed spam scanning. You may consider increasing spam scanning to moderate or aggressive. Or, you notice that the email is coming from a foreign domain such as a .pl or .br ( if you are in the US ) and you want to block them. You can then create policy which can do so through Geo IP or blocked senders.
** If you use Mimecast Awareness Training, the test phishing emails can also cause the alert to trigger. You can bypass them in office365.
If you have questions about troubleshooting email and creating adjustments, just let us know.