Ensure the connection filter safe list is off
Why This Matters
Connection filtering in Exchange Online Protection can inadvertently allow malicious messages into user inboxes. When the safe list is enabled, email from senders on Microsoft's pre-configured allow list bypasses spam filtering and sender authentication checks such as SPF, DKIM, and DMARC, which gives attackers a way past those controls. The list is dynamic and administrators cannot see which senders are on it, so it cannot be audited or managed.
What Aether365 Checks
Aether365 scans your Microsoft 365 tenant to verify that the safe list in the default connection filter policy is turned off. This check appears in the Aether365 dashboard under the microsoft-365 category.
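
The same setting can be verified by hand in Exchange Online PowerShell. The script below is an added example, not Aether365's own code: the function name Test-ConnectionFilterSafeList and the sample objects are hypothetical, and the live branch assumes the ExchangeOnlineManagement module is installed and Connect-ExchangeOnline has already been run.

```powershell
# Added example: audit EnableSafeList on the default connection filter policy.
# Test-ConnectionFilterSafeList is a hypothetical helper name, not a built-in cmdlet.
function Test-ConnectionFilterSafeList {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy
    )
    process {
        # A missing or null property is reported as Unknown, never as a silent pass.
        $hasProp = $Policy.PSObject.Properties.Name -contains 'EnableSafeList'
        $value   = if ($hasProp) { $Policy.EnableSafeList } else { $null }
        if (-not $hasProp -or $null -eq $value) {
            $status = 'Unknown'
        } elseif ($value) {
            $status = 'Fail'    # safe list is on: listed senders skip filtering
        } else {
            $status = 'Pass'    # safe list is off
        }
        [pscustomobject]@{
            Policy         = $Policy.Name
            EnableSafeList = $value
            Status         = $status
        }
    }
}

if (Get-Command Get-HostedConnectionFilterPolicy -ErrorAction SilentlyContinue) {
    # Live tenant: read the default connection filter policy.
    $policies = @(Get-HostedConnectionFilterPolicy -Identity Default)
} else {
    # No Exchange Online session: use constructed sample objects instead.
    $policies = @(
        [pscustomobject]@{ Name = 'Default (constructed, safe list on)';  EnableSafeList = $true  },
        [pscustomobject]@{ Name = 'Default (constructed, safe list off)'; EnableSafeList = $false },
        [pscustomobject]@{ Name = 'Default (constructed, no property)' }
    )
}

$results = $policies | Test-ConnectionFilterSafeList
$results | Format-Table -AutoSize

# Anything other than Pass needs attention. To turn the safe list off:
#   Set-HostedConnectionFilterPolicy -Identity Default -EnableSafeList $false
if ($results.Status -contains 'Fail' -or $results.Status -contains 'Unknown') {
    Write-Warning 'Connection filter safe list is not confirmed off.'
}
```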