This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 80%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAH%3C/text%3E%3C/svg%3E)
I am working on creating a phishing simulation for my organization; normally when we have a phishing campaign simulation, we send a copy of our reported emails to our shared security team mailbox. This gives us quick reference for user reports and forwards.
In a recent simulation test, I am able to receive the message in my inbox, but when I report, it goes straight to quarantine or gets ZAPped shortly after it's delivered to the shared inbox with the detection technology 'File Reputation'. This is the case, as the payload type is a Link in Attachment. Is there a way that I can prevent this this from happening?
For context: here are some of the key components I used in the simulation: Phishing URL - https[:]//www[.]techidal[.]com Document Type - Docx
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 90%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Hello Alyse Hart,
When you have messages going to quarantined, first thing to check is the reason it is getting blocked and sent to quarantine. It could be due to your Anti-spam policies, Anti-phish, Safe links policy or safe attachment policy.
You may also allow specific senders by following this guidance https://video2.skills-academy.com/en-us/defender-office-365/tenant-allow-block-list-email-spoof-configure.
Additionally, If you want to try 3rd Party Phishing simulation follow this guidance https://video2.skills-academy.com/en-gb/defender-office-365/advanced-delivery-policy-configure?view=o365-worldwide
My apologies if the initial post is confusing.
I am using the Microsoft Attack Simulator tool to craft the phishing campaign. I do not have an issue with the email's initial delivery; they are being delivered to my inbox. The issue is that, once the emails is sent and I move it to a specified folder for auditing purposes, the email is then ZAPped and moved to quarantine; so if I needed to retrieve those emails at a later time, they are not there. This only occurs when I use the .docx file type for the link in attachment payload.