Introduction to Advanced Delivery
The Advanced Delivery policy ensures that our simulated phishing templates are delivered properly and that the following outcomes are achieved:
- These messages are ignored by Exchange Online Protection (EOP) and Microsoft Defender for Office 365 filters.
- Zero-hour Purge (ZAP) for spam and phishing ignores the messages or takes no action on them.
- These scenarios do not activate the system’s default notifications.
- These messages are ignored by automated investigation and response (AIR) and clustering in Defender for Office 365.
- Admin submissions recognise that the message is part of a phishing simulation campaign and isn’t an actual danger. No alerts or AIR are triggered. These messages appear as a simulated threat in the admin submissions experience.
- The system does not generate an alert, investigation, or incident when a user reports a phishing simulation message using the Report Phishing add-in for Outlook. The message will also appear on the User reported messages tab of the submissions page.
- Specifically recognised URLs in these messages are not blocked or detonated by Safe Links in Defender for Office 365.
- Defender for Office 365’s Safe Attachments feature does not detonate attachments in these emails.
Advanced Delivery Policy Configuration
- Log in to the Microsoft 365 Defender portal.
- Select Policies & Rules under the Email & Collaboration section from the menu on the left-hand side.
- Select Threat Policies.
- Under Rules, select Advanced delivery.
- At the top, select Phishing Simulation.
- Click Add if no policy has been generated. If you already have a policy in place, go to that policy and click Edit.
- Complete the following sections once the Add Third Party Simulations window appears:
  - Domains: Add the domains provided to you by the TIKAJ Infosec team point of contact. Microsoft allows a maximum of 20 entries.
    - List of Domains to allow:
      - one.phishgrid.com
      - tikaj.com
      - mailservers.xyz
      - securit365.xyz
      - secure365.org
  - Sending IP: Add the IP addresses provided to you by the TIKAJ Infosec team point of contact. Please keep in mind that you must add the IP addresses one by one.
    - IP address: 51.15.191.190
  - Simulation URLs to Allow: Add the URLs below so that URLs in simulation messages aren’t blocked. For each field, you can define up to 10 entries using the recommended URL format.
    - List of URLs to allow:
      - https://one.phishgrid.com/*
      - https://tikaj.com/*
      - *.mailservers.xyz/*
      - *.securit365.xyz/*
      - *.secure365.org/*
- Click Add.
- After configuring the policy, wait for the settings to propagate before testing. Please note that the settings may take up to 12 hours to propagate completely.
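Because this policy exempts the listed senders from filtering, it is worth confirming after propagation that it contains exactly the entries above and nothing else. The following read-only audit is an added example, not part of the original guide or of TIKAJ's tooling. It assumes the ExchangeOnlineManagement module and an admin session, and `Compare-AllowList` is a hypothetical helper written for this example.

```powershell
# Added example: read-only audit of the Advanced Delivery phishing-simulation
# override. It reads the configuration and changes nothing.
Connect-ExchangeOnline -ShowBanner:$false

# Expected values, copied from the lists on this page.
$expectedDomains = 'one.phishgrid.com', 'tikaj.com', 'mailservers.xyz',
                   'securit365.xyz', 'secure365.org'
$expectedIps     = @('51.15.191.190')

# Hypothetical helper: warn on entries that are configured but not expected
# (an unintended filtering bypass) and on expected entries that are absent.
function Compare-AllowList {
    param([string]$Label, [string[]]$Expected, [string[]]$Actual)
    $unexpected = @($Actual   | Where-Object { $_ -and $_ -notin $Expected })
    $missing    = @($Expected | Where-Object { $_ -notin $Actual })
    foreach ($e in $unexpected) {
        Write-Warning "${Label}: unexpected entry '$e' is exempt from filtering"
    }
    foreach ($m in $missing) {
        Write-Warning "${Label}: expected entry '$m' is not configured"
    }
    return ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
}

$rule = Get-ExoPhishSimOverrideRule
if (-not $rule) {
    Write-Warning 'No phishing simulation override rule exists yet.'
    return
}

# Cast to strings; strip a trailing /32 in case single IPs are stored in
# CIDR form (an assumption made for this example).
$actualDomains = @($rule.Domains        | ForEach-Object { "$_" })
$actualIps     = @($rule.SenderIpRanges | ForEach-Object { "$_" -replace '/32$', '' })

$okDomains = Compare-AllowList -Label 'Domains'    -Expected $expectedDomains -Actual $actualDomains
$okIps     = Compare-AllowList -Label 'Sending IP' -Expected $expectedIps     -Actual $actualIps

# Simulation URLs are listed for manual review against the URL list above,
# since the stored form may differ from what was typed in the portal.
'Simulation URLs currently allowed:'
Get-TenantAllowBlockListItems -ListType Url -ListSubType AdvancedDelivery |
    Select-Object -ExpandProperty Value

if ($okDomains -and $okIps) {
    'Domains and sending IPs match the expected lists.'
}
```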