Microsoft’s new secure by default feature may affect current whitelisting rules that your organization has in place. Due to this change, you can use Microsoft’s new Advanced Delivery Policies feature to whitelist.
To create, modify, or remove settings in an advanced delivery policy, you need to be a member of these role groups:
How are Phishing Simulations mails whitelisted in O365? - Microsoft has made fundamental changes to mail flow and filtering in mid-2021. Any exceptions in mail flow rules are no longer mandatory, various security default settings are made that cannot be bypassed. For example, mails classified as 'High Confidence Phish' will no longer be allowed to pass through via an Exchange Online Rule.
In this context, Microsoft has also created the possibility to store an extra configuration for phishing campaigns, so that the exceptions only have to be defined at a central point.
In the Exchange Online Protection Policies there is the Advanced Delivery section and there Phishing Simulation.
The domain names and senders of phishing simulations can be stored there.
Details about the new behavior and the Advanced Delivery / Phishing Simulation can be found here:
Navigate to the configuration via the security.microsoft.com website, alternatively directly via this link: https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation