A high profile user may have more than one mailbox for different uses, for example, one for business connections and one for personal life, and use different writing styles in composing email messages for various purposes. In most cases, BEC scams tend to target business mailboxes, with the goal of initiating an unauthorized wire transfer.
In addition, some applications with an email system may have the function of automatically sending system-generated messages in the name of a high profile user.
To avoid these types of email messages from being classified as BEC attacks and help reduce false positives, specify the email addresses related to high profile users that you want Cloud App Security to skip from scanning for writing style verification.
As a global setting, the specified High Profile User Exception List is applicable to all writing style analysis enabled policies for Exchange Online for BEC detection.
Click Add, on the Add Email Address screen that appears, specify the email address related to a high profile user that you want Cloud App Security to skip from scanning for writing style verification, and then click Save.
A maximum of 500 email addresses can be added.
Select one or multiple email addresses, click Delete to remove them from the exception list, and then click OK.
Use special caution in configuring High Profile User Exception List. Because Cloud App Security skips scanning messages from the email addresses in the list, make sure that the email addresses you configure here are secure and really belong to the expected persons.