User Tools

Site Tools


Sidebar

LUCY MANUAL Applies to LUCY versions above 4.7

o365_whitelisting

Office365 Whitelisting

There are several advanced threat protection options in Office365 that can be adjusted to improve Phishing Simulation Experience.

O365. Spam Content Filter Configuration

  • Choose Allow lists tab. Here you can specify the senders (emails, IPv4) or domains to be whitelisted.

Adding senders to whitelist

  • In order to add allowed senders press Edit near the Allow sender field.

  • Type in any senders you would like to whitelist. You can separate multiple senders with " ; " symbol. When you are finished, press the [+] sign.

  • Save the settings when you finish adding the domains.

Adding domains and IP addresses to whitelist

  • In order to add allowed domains and IP addresses press Edit near the Allow domain field.

  • Add the domains and IPv4 addresses which you would like to whitelist (for example, lucysecurity.com) and press OK. You can separate multiple domains with " ; " symbol.

  • Save the settings when you finish adding the domains.

  • After configuring Spam Content Filter settings you need to go to https://protection.office.com/safelinksv2 (sign in with your admin account if needed).
  • Create a new policy by pressing the Create button. Also, one can edit the existing rule with the similar steps as below. Please consult your mail server admin and show this article.

  • Enter the name and description of the policy and click Next.

  • Configure settings of the policy and make sure to turn on the following settings:
  • On - URLs will be rewritten and checked against a list of known malicious links when user clicks on the link.
  • Do not track when users click safe links.
  • At the bottom of the settings window specify a list of URLs to exclude from rewriting (for example, phishing-url.com) by clicking the "+" button and press Next.

  • Set the notifications for users on the next step according to internal mail delivery policies of your own.
  • On the Applied to setting tab choose The recipient domain is… option from the drop-down.

  • Then simply specify the domain for which the policy will be applied (for example, lucysecurity.company)

  • Click Next

  • Review the settings one more time and click Finish

O365. Bypassing Safe Attachments policy

  • In the Rules section, choose New (the New button resembles a plus sign ( +)) and choose Create new rule option. (Alternatively, you can edit an existing rule.)

  • Specify a name for your rule.
  • Click More options button.

  • From the Apply this rule if… drop-down menu, select The senders then select IP address is in any of these ranges or exactly matches.
  • Add Lucy IP-address. Please note that you can also choose to specify certain sender addresses and domain names to your rule by clicking Add condition button.
  • From the Do the following… drop-down menu, select Modify the message properties… and then set a message header.

  • Click the first Enter text… link and set the message header to: X-MS-Exchange-Organization-SkipSafeAttachmentProcessing
  • Click the second Enter text… link and set the value to: 1

  • Click Save button.
o365_whitelisting.txt · Last modified: 2020/12/23 20:17 by lucy