I recently had a problem where a person sent me a zipped file from his Gmail account to my email account at Microsoft Online/Office 365. The email never reached me and the sender never received an NDR (Non-Delivery Report). So I thought he hadn’t sent me anything, while he was sure I had received it. Luckily, in this case I was expecting an email from him, so I got in touch and we could start troubleshooting. How many other emails like this I have not received since I started using Microsoft Online years ago, I will never know.

After some troubleshooting, including going into Office 365 Admin – Exchange Admin Center – Mail Flow – Message Trace, I found the messages and could see that the zip file had incorrectly been deemed malware. The messages were marked as deleted and not delivered. I opened a support ticket with Microsoft and found out that the default setting in Microsoft Online is to just delete emails with suspected malware without notifying anyone about it.

In my opinion this is not the smartest default setting, but fortunately you can change it:

  1. Sign in as admin to Office 365 Admin at microsoftonline.com
  2. Go to Exchange Admin Center
  3. Go to Protection – Malware filter
  4. If you have not made changes to the Malware filter before, you probably only have one Malware filter rule: Default. Double-click it to edit.
  5. Under Settings + Malware Detection Response, I changed from “Delete the entire message” to “Delete all attachments and use default alert text”. This means you as a recipient will receive the message, but without the suspected malware.
    There are also other settings you can change, such as Sender Notifications and Administrator Notifications, if you also or instead want the Sender or Admin to be notified.

I hope this helps someone else out!