Usage Caveats

Advisory Summary on Message Bypass Rules

Note the following important caveats when creating and using Message bypass rules:

  • A Message bypass rule BYPASSES ALL SCANNING AND PROTECTIONS for messages that match the rule conditions. Do not use Bypass Rules for any use-cases other than customer employee security awareness training (Phish Test) or for end-mailbox-user reporting to an organization’s Security Mailbox. These are the only supported scenarios for Message bypass rules. For all other scenarios, use other types of message rules, or adjust your configuration policy settings.

  • IT IS STRONGLY ADVISED to use only the dedicated Sender IP Addresses/CIDR blocks provided by your Phish Test vendor as the basis of Message bypass rules.

  • BE AWARE if your Phish Test vendor is unable to provide dedicated Sender IP Addresses/CIDR blocks; the usage of Sender Domain or Email Address in a Message bypass rule opens you up to bypassing potentially spoofed messages

  • DO NOT use Sender Domain or Email Address in a Message bypass rule unless you have separately validated sender email authentication is tightly scoped by the vendor’s SPF record, strongly enforced by your organization’s upstream edge email controls, and the specified Sender Domain or Sender Email Address exactly matches the final Return-Path header on all messages intended to match the Bypass Rule

  • Open a Support case to request assistance validating any existing Message bypass rules conform to the guidance above.

Microsoft Excel cell size limit

Microsoft Excel has a limit of 32,767 characters per cell. If you export your data to CSV and then open it in Excel, any excess data beyond the character limit is moved to the next row.

Cannot sign in to Security Cloud Sign On with Microsoft when Microsoft account does not have last name

Microsoft 365 does not require accounts to have a defined first name and last name. When trying to authenticate with a Microsoft account that does not have a last name, Security Cloud Sign On returns the following error:

400 Bad Request. Unable to create the user. Required properties are missing.

To workaround this issue, make sure both first name and last name are defined in the Microsoft 365 account.

Trends delay when messages are manually reclassified

When messages are manually reclassified, there could be a delay of up to one hour before the changes are reflected on the Trends page.