Ensuring mail delivery: Special - Suppress ETR override notifications from Microsoft


Administrators might get an alert notification email when Hoxhunt simulations are delivered to user mailboxes.

A informational alert has been triggered

⚠ Phish delivered due to an ETR override

Severity: ● Informational

Time: 2/17/2021 8:16:59 AM (UTC)

Activity: Protection

Details: 1 message hit on xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx-x, sent by yyyy.zzz@contoso.com to xxxx.yyyy@contoso.com at time 2/17/2021 8:16:59 AM.

View alert details

Thank you,
The Office 365 Team

Here's a description from Microsoft:
Phish delivered due to an ETR override
Generates an alert when Microsoft detects an Exchange Transport Rule (ETR) that allowed delivery of a high confidence phishing message to a mailbox. This policy has an Informational severity setting.


Option A)
Configure Advanced Delivery.
(depending on your mail routing this may not be possible).
Option B)
There is also a way to disable ETR alerts completely. However, this will disable it from all applicable emails, not just Hoxhunt emails.
  1. Go to https://protection.office.com > Alerts > Alert policies.
  2. Search for "ETR" and then edit Phish delivered due to an ETR override.
  3. Turn off the alert policy from the Status toggle.
More information on alert policies:

Was this article helpful?

13 out of 22 found this helpful

Have more questions? Submit a request