User Tools

Site Tools


LUCY MANUAL Applies to LUCY versions above 4.7


Office365 Whitelisting

There are several advanced threat protection options in Office365 that can be adjusted to improve Phishing Simulation Experience.

O365. Spam Content Filter Configuration

  • Choose Allow lists tab. Here you can specify the senders (emails, IPv4) or domains to be whitelisted.

Adding senders to whitelist

  • In order to add allowed senders press Edit near the Allow sender field.

  • Type in any senders you would like to whitelist. You can separate multiple senders with " ; " symbol. When you are finished, press the [+] sign.

  • Save the settings when you finish adding the domains.

Adding domains and IP addresses to whitelist

  • In order to add allowed domains and IP addresses press Edit near the Allow domain field.

  • Add the domains and IPv4 addresses which you would like to whitelist (for example, and press OK. You can separate multiple domains with " ; " symbol.

  • Save the settings when you finish adding the domains.

  • After configuring Spam Content Filter settings you need to go to (sign in with your admin account if needed).
  • Create a new policy by pressing the Create button. Also, one can edit the existing rule with the similar steps as below. Please consult your mail server admin and show this article.

  • Enter the name and description of the policy and click Next.

  • Configure settings of the policy and make sure to turn on the following settings:
  • On - URLs will be rewritten and checked against a list of known malicious links when user clicks on the link.
  • Do not track when users click safe links.
  • At the bottom of the settings window specify a list of URLs to exclude from rewriting (for example, by clicking the "+" button and press Next.

  • Set the notifications for users on the next step according to internal mail delivery policies of your own.
  • On the Applied to setting tab choose The recipient domain is… option from the drop-down.

  • Then simply specify the domain for which the policy will be applied (for example,

  • Click Next

  • Review the settings one more time and click Finish

O365. Bypassing Safe Attachments policy

  • In the Rules section, choose New (the New button resembles a plus sign ( +)) and choose Create new rule option. (Alternatively, you can edit an existing rule.)

  • Specify a name for your rule.
  • Click More options button.

  • From the Apply this rule if… drop-down menu, select The senders then select IP address is in any of these ranges or exactly matches.
  • Add Lucy IP-address. Please note that you can also choose to specify certain sender addresses and domain names to your rule by clicking Add condition button.
  • From the Do the following… drop-down menu, select Modify the message properties… and then set a message header.

  • Click the first Enter text… link and set the message header to: X-MS-Exchange-Organization-SkipSafeAttachmentProcessing
  • Click the second Enter text… link and set the value to: 1

  • Click Save button.
o365_whitelisting.txt · Last modified: 2020/12/23 20:17 by lucy