Enhanced filtering

If you are using a third-party mail service where mail is routed to that service before being routed to Exchange, MDO may lose its ability to properly identify the actual sender of the message because the third-party service's IP address is used. This means detecting spoofing or even just viewing if DKIM/DMARC passed on the email entity is impossible. This is where enhanced filtering sometimes called skiplistiing can help. Depending on the service and your scenario trusted ARC sealer may also be necessary.

Often times when you have a third-party service you might have a mail flow rule that sets the SCL to -1, once you have enabled enhanced filtering you can remove this mail flow rule to restore MDO's ability to review messages for safety.

Scenarios for enhanced filtering can be complex, I recommend reviewing Microsoft's documentation for enhanced connectors as well as this document which lays out some common scenarios.