Microsoft O365 Whitelisting
To create, modify, or remove settings in an advanced delivery policy, you need to be a member of the required role groups. Microsoft's new "secure by default" feature may affect your current whitelisting rules. Use Advanced Delivery policies to whitelist emails for phishing simulations.
How are Phishing Simulation Emails Whitelisted in O365?
Microsoft provides a centralized configuration for phishing campaigns in the Exchange Online Protection policies. The Advanced Delivery section lets you configure phishing simulations with specific domain names and senders. Since mid-2021, changes to mail flow and filtering mean that exceptions in mail flow rules are optional and security defaults are enforced: emails classified as 'High Confidence Phish' are blocked from passing through Exchange Online rules.
For more details, refer to the following resources:
Navigate to the configuration via the Microsoft 365 Defender portal -> security.microsoft.com
Adding Sending Domain and Sending IP to Whitelist
Open the Microsoft 365 Defender Portal
Navigate to "Email & Collaboration":
Go to Policies & Rules -> Threat policies.
Select Advanced Delivery.
Configure Phishing Simulation:
On the Advanced delivery page, go to the Phishing Simulation tab. Click the Edit icon or, if no phishing simulations are configured, click Add.
Edit Phishing Simulation Settings:
In the Edit third-party phishing simulation modal, adjust the following settings:
Sending Domain: Enter at least one sending domain used as the sender email in Lucy.
Sending IP: Enter the sending IP address of your Lucy instance.
Specific URLs (optional): Enter specific URLs that are part of your phishing simulation campaign using the recommended URL syntax format: example.com/*
Save Changes:
Click Add for each option, then click Save.
Propagation Time:
Wait at least 30 minutes for changes to propagate before starting any phishing campaigns.
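The same sending domain and sending IP entries can be created and read back from PowerShell, which gives a reviewable record of what was exempted from filtering. This is an added example, not part of the original Lucy documentation; it assumes the ExchangeOnlineManagement module is installed, and the domain and IP values are constructed placeholders.

```powershell
# Added example: configure the third-party phishing simulation override
# (the "Phishing Simulation" tab of Advanced Delivery) and read it back.
# Both values below are constructed placeholders; replace them with your own.
$SendingDomain = 'phish-sim.example'   # sender domain configured in Lucy
$SendingIp     = '203.0.113.10'        # sending IP address of the Lucy instance

# The override cmdlets are part of Security & Compliance PowerShell.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

# Reject input that is not a single IP address or not a plain domain name,
# so a typo cannot turn into a broader filtering exception than intended.
$parsedIp = $null
if (-not [System.Net.IPAddress]::TryParse($SendingIp, [ref]$parsedIp)) {
    throw "Sending IP '$SendingIp' is not a valid IP address."
}
if ($SendingDomain -match '[\*\s@/]') {
    throw "Sending domain '$SendingDomain' must be a plain domain name."
}

# Create the override policy only if it does not exist yet.
if (-not (Get-PhishSimOverridePolicy -ErrorAction SilentlyContinue)) {
    New-PhishSimOverridePolicy -Name PhishSimOverridePolicy | Out-Null
}

# Add to the existing rule if there is one, otherwise create the rule.
$rule = Get-ExoPhishSimOverrideRule -ErrorAction SilentlyContinue
if ($rule) {
    Set-ExoPhishSimOverrideRule -Identity $rule.Identity `
        -AddDomains $SendingDomain -AddSenderIpRanges $SendingIp
} else {
    New-ExoPhishSimOverrideRule -Name PhishSimOverrideRule `
        -Policy PhishSimOverridePolicy `
        -Domains $SendingDomain -SenderIpRanges $SendingIp | Out-Null
}

# Read the rule back and compare it with what was intended. Anything listed
# here bypasses filtering, so the list should contain only the simulation
# sender and nothing left over from earlier campaigns.
Get-ExoPhishSimOverrideRule | Format-List
```

Run the read-back again after the propagation time has passed and before each campaign, and remove entries that are no longer used with `Set-ExoPhishSimOverrideRule -RemoveDomains` / `-RemoveSenderIpRanges`.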