Description
Administrators might get an alert notification email when Hoxhunt simulations are delivered to user mailboxes.
A informational alert has been triggered
⚠ Phish delivered due to an ETR override
Severity: ● Informational
Time: 2/17/2021 8:16:59 AM (UTC)
Activity: Protection
Details: 1 message hit on xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx-x, sent by yyyy.zzz@contoso.com to xxxx.yyyy@contoso.com at time 2/17/2021 8:16:59 AM.
View alert details
Thank you,
The Office 365 Team
Here's a description from Microsoft:
Phish delivered due to an ETR override
Generates an alert when Microsoft detects an Exchange Transport Rule (ETR) that allowed delivery of a high confidence phishing message to a mailbox. This policy has an Informational severity setting.
Solution
Option A)
Configure Advanced Delivery.
Option B)
There is also a way to disable ETR alerts completely.
- Go to https://protection.office.com > Alerts > Alert policies.
- Search for "ETR" and then edit Phish delivered due to an ETR override.
- Turn off the alert policy from the Status toggle.
More information on alert policies: