Skip to main content
Skip table of contents

M365 Defender: Deactivate "Phish delivered due to an ETR override" alert

Read this article in: English, Deutsch, Dutch, French

If the alert "Phish delivered due to an ETR override" is triggered due to our phishing simulation, you will not be able to change the alert manually. Please contact your Implementation Manager/ Customer Success Manager or support@sosafe.de to resolve this issue. 

You will be provided with a PowerShell script that creates a custom rule developed by SoSafe that extends the default Microsoft rule to the extent that our servers are excluded,but otherwise the functionality remains the same.

You will need the appropriate Security & Compliance M365 admin rights to run it.

Execution: 

  1. Press Windows key + enter PowerShell in search.

  2. Run PowerShell as admin.

  3. Either copy and paste the script or enter the path to the script in PowerShell.

Important: After execution, please disable the default "Phish delivered due to an ETR override" rule at https://security.microsoft.com/alertpoliciesv2. Unfortunately, this cannot be done via PowerShell.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close