Problem: Internal email messages in Exchange Online are improperly handled as spam by the Advanced Spam Protection security filter, ignoring the administrator-configured settings
In an Advanced Threat Protection policy for Exchange Online, the administrator can configure how to handle their internal email messages by the Trend Micro Antispam Engine as follows:
  • To have Cloud App Security not scan internal messages, set the security filter to apply only to Incoming messages.
  • To have Cloud App Security scan internal messages but not take configured actions if they fall into other spam, set the security filter to apply to All messages and select Pass all the messages sent from internal domains if detected as other spam in the Action section.
However, Cloud App Security does more in the back end, for example, Sender Policy Framework (SPF) setting and email header checks, to identify fake internal emails. Therefore, upon the above settings, if some internal messages of your organization are still handled as other spam, you can check the affected messages for further actions. For more information about how to proceed with this issue, see