Right-Hand Cybersecurity

Note: The display of the ‘Unverified sender’ banner is governed by Microsoft’s policies, and Right-Hand has only limited influence over this process. To bypass this banner during a phishing simulation exercise, we recommend following the steps outlined in this article. If the banner persists, we suggest adding the sender’s email domain to Email and Collaboration &gt; Policies and Rules &gt; Threat Policies &gt; Tenant Allow/Block List as a potential solution.

To find your sender email domain, please go to the Right-Hand portal and then go to Phishing Readiness &gt; Sender profiles &gt; Edit the chosen sender profile and find the domain after the @ symbol.

<a href="#h_8a60212f2a">Potential Cause</a>

<a href="#h_6f4917f04d">Step-by-Step Solution</a>

a) <a href="#h_bb7ca18963">Create New Anti-Phishing Policy</a>

1. <a href="#h_8a60212f2a">Potential Cause</a>
2. <a href="#h_6f4917f04d">Step-by-Step Solution</a>
 a) <a href="#h_bb7ca18963">Create New Anti-Phishing Policy</a>

Image of the error on Outlook Web Version

Image of the error on Outlook Desktop Version

Microsoft is currently <a href="https://insider.microsoft365.com/en-us/blog/improvements-to-tackle-spam-in-outlook" rel="nofollow noopener noreferrer" target="_blank">rolling out a new Office 365 feature </a>dubbed 'Unverified Sender'. This feature is designed to help users identify potential spam or phishing emails that reach their Outlook client's inbox.

Create New Anti-Phishing Policy (Recommended)

Sign in to <a href="https://security.microsoft.com" rel="nofollow noopener noreferrer" target="_blank">MS Defender</a>.

Select Policies and rules under Email and Collaboration.

Choose Threat Policies and go to the Anti-phishing section.

Add the name “Right-hand Anti-Phish Policy” and a description. Click Next.

In the Domains section, add your company domain list. Then go to the Next section.

Add the <a href="https://help.right-hand.ai/en/articles/8450649-whitelisting-guide-for-microsoft-exchange-and-microsoft-defender#h_6c6bd28547">RH domain list</a> to “Add trusted senders and domains.”

Please uncheck the "Show First contact safety tip" box from the Actions settings.

1. Sign in to <a href="https://security.microsoft.com" rel="nofollow noopener noreferrer" target="_blank">MS Defender</a>.
 
2. Select Policies and rules under Email and Collaboration.
 
 
 
3. Choose Threat Policies and go to the Anti-phishing section.
 
 
 
 
 
4. Click on Create.
 
 
 
5. Add the name “Right-hand Anti-Phish Policy” and a description. Click Next.
 
 
 
6. In the Domains section, add your company domain list. Then go to the Next section.
 
 
 
7. Add the <a href="https://help.right-hand.ai/en/articles/8450649-whitelisting-guide-for-microsoft-exchange-and-microsoft-defender#h_6c6bd28547">RH domain list</a> to “Add trusted senders and domains.”
 
 
 
8. Please uncheck the "Show First contact safety tip" box from the Actions settings.
 
 
 
9. Review and Submit the Policy.
 
 
 
10. Run the test Campaign.