{"id":5885,"date":"2023-06-13T12:02:00","date_gmt":"2023-06-13T16:02:00","guid":{"rendered":"https:\/\/www.exchangedefender.com\/blog\/?p=5885"},"modified":"2023-06-16T15:16:10","modified_gmt":"2023-06-16T19:16:10","slug":"exchangedefender-phishing-firewall-and-microsoft-defender","status":"publish","type":"post","link":"https:\/\/www.exchangedefender.com\/blog\/2023\/06\/exchangedefender-phishing-firewall-and-microsoft-defender\/","title":{"rendered":"ExchangeDefender Phishing Firewall and Microsoft Defender"},"content":{"rendered":"\n
<\/div>\n\n\n
\n
\"\"<\/a><\/figure><\/div>\n\n\n
<\/div>\n\n\n\n

Now and then Microsoft Defender will encounter something potentially dangerous when it’s processing your browsing activity. Most of the time it is just the URL of a site they’ve blacklisted.<\/p>\n\n\n\n

<\/div>\n\n\n\n

Enter ExchangeDefender Phishing Firewall.<\/strong> We rewrite every URL going through our service to give our users an extra layer of security and prevent malware and phishing. If you’ve seen the xdref.com<\/a> l<\/strong>inks in your email, that’s US keeping you from accidentally clicking on a legitimate link and getting a zero-day exploit compromising your PC. Well, Microsoft Defender looks at the same link and its contents and can flag an entire URL of your phishing firewall. Then you end up seeing this:<\/p>\n\n\n\n

<\/div>\n\n\n
\n
\"\"<\/a><\/figure><\/div>\n\n\n
<\/div>\n\n\n\n

How do I get this resolved?<\/h2>\n\n\n\n
<\/div>\n\n\n\n

Since this URL is exclusively used by you and your clients, make sure you’re using ExchangeDefender Outbound Service to route outbound mail (our outbound service strips all the xdref.com<\/a> URLs).<\/p>\n\n\n\n

Next, please report the problem with the URL to Microsoft at this location:<\/p>\n\n\n\n

https:\/\/security.microsoft.com\/reportsubmission?viewid=url<\/strong><\/a><\/p>\n\n\n\n

<\/div>\n\n\n\n

How do I fix it?<\/h2>\n\n\n\n

There are two ways to solve this problem within your tenant at Microsoft 365. The fastest way is with PowerShell:<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/div>\n\n\n\n

New-TenantAllowBlockListItems -ListType Url -Allow -Entries ~xdref.com<\/a>~ -NoExpiration<\/strong><\/p>\n\n\n\n

<\/div>\n\n\n\n

The more user-friendly way to allow the URL is through the Microsoft Defender Portal at the following URL (make sure you’re logged in first):<\/p>\n\n\n\n

<\/div>\n\n\n\n

https:\/\/security.microsoft.com\/tenantAllowBlockList<\/strong><\/a><\/p>\n\n\n\n

<\/div>\n\n\n\n

Microsoft tends to move its security components around a lot so if the URL changes login to the Microsoft 365 Defender Portal and go to: Policies & Rules> Threat Policies > Rules section > Tenant Allow\/Block Lists<\/strong>.<\/p>\n\n\n\n

<\/div>\n\n\n\n

To learn more<\/strong> about Microsoft Defender and how to manage its security policies on this topic please see the following KB article<\/a><\/strong>.<\/p>\n\n\n\n

<\/div>\n\n\n\n

Tip: <\/strong>ExchangeDefender recommends executing this process when the client is onboarded, but it will work at any time.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\n","protected":false},"excerpt":{"rendered":"

[…]<\/p>\n","protected":false},"author":50,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,1,48],"tags":[],"class_list":["post-5885","post","type-post","status-publish","format-standard","hentry","category-exchangedefender","category-uncategorized","category-security"],"_links":{"self":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/5885","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/users\/50"}],"replies":[{"embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/comments?post=5885"}],"version-history":[{"count":14,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/5885\/revisions"}],"predecessor-version":[{"id":5905,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/5885\/revisions\/5905"}],"wp:attachment":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/media?parent=5885"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/categories?post=5885"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/tags?post=5885"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}