View Categories

Microsoft/Office 365 Whitelisting

1 min read

Overview

This guide provides step-by-step instructions to whitelist phishing simulation emails in Microsoft Office 365. Proper whitelisting ensures that simulated phishing emails reach end-users’ inboxes without being blocked by security filters.

1. Whitelisting Using Microsoft Defender for Office 365

Step 1: Add Simulation Domains to Allowed List

  1. Sign in to Microsoft Defender
  2. Go to Policies & Rules
    • Under Email & Collaboration, select Threat policies.
  3. Modify Anti-Phishing Policies
    • Click on Anti-phishing.
    • Select the Default policy (or create a new custom policy).
    • Under Advanced settings, find Allowed senders and domains.
    • Add the phishing simulation domains from IP & Domains List
    • Click Save.

Step 2: Create a Safe Senders Policy

  1. Open Microsoft Defender and navigate to Policies & Rules.
  2. Under Threat policies, select Anti-spam policies.
  3. Click Create policy (or edit an existing one).
  4. Add the simulation sender domain(s) under Allowed domains and addresses.
  5. Click Save.

2. Configuring Exchange Online Protection (EOP)

Step 1: Bypass Spam Filtering for Simulation Emails

  1. Sign in to Exchange Admin Center (https://admin.exchange.microsoft.com).
  2. Navigate to Mail flow > Rules.
  3. Click Add a rule > Bypass spam filtering.
  4. Set the condition. If the sender’s domain is > Enter the simulation domain(s).
  5. Under Actions, select Modify the message properties > Set the spam confidence level (SCL) to -1.
  6. Click Save.

Step 2: Allow Phishing Simulations via Connection Filtering

  1. Go to Microsoft Defender > Email & Collaboration.
  2. Select Policies & Rules > Threat Policies > Anti-spam.
  3. Under Connection Filtering, add the IP addresses used for sending phishing simulations.
  4. Click Save.

3. Configuring Microsoft Defender Safe Links Policy

  1. Navigate to Threat Policies > Safe Links.
  2. Under Global Settings, find Do not rewrite URLs.
  3. Add the phishing simulation domains.
  4. Click Save.

4. Configuring Microsoft Defender Safe Attachments Policy

  1. Navigate to Threat Policies > Safe Attachments.
  2. Select Turn off Safe Attachments scanning for these file types.
  3. Add email addresses or domains used for simulations.
  4. Click Save.

5. Testing and Verification

  1. Send a test phishing simulation email from the provider’s domain.
  2. Check delivery reports in Microsoft Defender.
  3. If emails are blocked, revisit policies to ensure correct configuration.

6. Troubleshooting

  • Emails still being quarantined? Check the Quarantine Portal and release them manually.
  • Links being rewritten? Ensure Safe Links policy is updated correctly.
  • Attachments being blocked? Confirm Safe Attachments settings.

Conclusion

Properly configuring whitelisting ensures that phishing simulation emails are delivered successfully while maintaining security. Follow these steps carefully and test to confirm the correct setup.

Updated on August 23, 2025

Was this helpful ?

  • Happy
  • Normal
  • Sad
Signup for Free