{"id":6501,"date":"2024-04-04T21:46:56","date_gmt":"2024-04-04T16:16:56","guid":{"rendered":"https:\/\/phishgrid.com\/?post_type=docs&#038;p=6501"},"modified":"2025-03-16T20:21:15","modified_gmt":"2025-03-16T14:51:15","password":"","slug":"microsoft-office-365-whitelisting","status":"publish","type":"docs","link":"https:\/\/phishgrid.com\/kb\/microsoft-office-365-whitelisting\/","title":{"rendered":"Microsoft\/Office 365 Whitelisting"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">Overview<\/h1>\n\n\n\n<p>This guide provides step-by-step instructions to whitelist phishing simulation emails in Microsoft Office 365. Proper whitelisting ensures that simulated phishing emails reach end-users&#8217; inboxes without being blocked by security filters.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. <strong>Whitelisting Using Microsoft Defender for Office 365<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 1: Add Simulation Domains to Allowed List<\/strong><\/h3>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Sign in to Microsoft Defender<\/strong>\n<ul class=\"wp-block-list\">\n<li>Navigate to <a href=\"https:\/\/security.microsoft.com\/\" target=\"_blank\" rel=\"noopener\">Microsoft Defender Security Portal<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Go to Policies &amp; Rules<\/strong>\n<ul class=\"wp-block-list\">\n<li>Under <strong>Email &amp; Collaboration<\/strong>, select <strong>Threat policies<\/strong>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Modify Anti-Phishing Policies<\/strong>\n<ul class=\"wp-block-list\">\n<li>Click on <strong>Anti-phishing<\/strong>.<\/li>\n\n\n\n<li>Select the <strong>Default policy<\/strong> (or create a new custom policy).<\/li>\n\n\n\n<li>Under <strong>Advanced settings<\/strong>, find <strong>Allowed senders and domains<\/strong>.<\/li>\n\n\n\n<li>Add the phishing simulation domains (mailservers.xyz).<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 2: Create a Safe Senders Policy<\/strong><\/h3>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Open Microsoft Defender<\/strong> and navigate to <strong>Policies &amp; Rules<\/strong>.<\/li>\n\n\n\n<li>Under <strong>Threat policies<\/strong>, select <strong>Anti-spam policies<\/strong>.<\/li>\n\n\n\n<li>Click <strong>Create policy<\/strong> (or edit an existing one).<\/li>\n\n\n\n<li>Add the simulation sender domain(s) under <strong>Allowed domains and addresses<\/strong>.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2. Configuring Exchange Online Protection (EOP)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 1: Bypass Spam Filtering for Simulation Emails<\/strong><\/h3>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Sign in to Exchange Admin Center<\/strong> (<a href=\"https:\/\/admin.exchange.microsoft.com\" target=\"_blank\" rel=\"noopener\">https:\/\/admin.exchange.microsoft.com<\/a>).<\/li>\n\n\n\n<li>Navigate to <strong>Mail flow<\/strong> &gt; <strong>Rules<\/strong>.<\/li>\n\n\n\n<li>Click <strong>Add a rule<\/strong> &gt; <strong>Bypass spam filtering<\/strong>.<\/li>\n\n\n\n<li>Set the condition. <strong>If the sender\u2019s domain is<\/strong> &gt; Enter the simulation domain(s).<\/li>\n\n\n\n<li>Under <strong>Actions<\/strong>, select <strong>Modify the message properties<\/strong> &gt; <strong>Set the spam confidence level (SCL) to -1<\/strong>.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 2: Allow Phishing Simulations via Connection Filtering<\/strong><\/h3>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Go to Microsoft Defender<\/strong> &gt; <strong>Email &amp; Collaboration<\/strong>.<\/li>\n\n\n\n<li>Select <strong>Policies &amp; Rules<\/strong> &gt; <strong>Threat Policies<\/strong> &gt; <strong>Anti-spam<\/strong>.<\/li>\n\n\n\n<li>Under <strong>Connection Filtering<\/strong>, add the IP addresses used for sending phishing simulations.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3. Configuring Microsoft Defender Safe Links Policy<\/strong><\/h2>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Navigate to <strong>Threat Policies<\/strong> &gt; <strong>Safe Links<\/strong>.<\/li>\n\n\n\n<li>Under <strong>Global Settings<\/strong>, find <strong>Do not rewrite URLs<\/strong>.<\/li>\n\n\n\n<li>Add the phishing simulation domains.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>4. Configuring Microsoft Defender Safe Attachments Policy<\/strong><\/h2>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Navigate to <strong>Threat Policies<\/strong> &gt; <strong>Safe Attachments<\/strong>.<\/li>\n\n\n\n<li>Select <strong>Turn off Safe Attachments scanning for these file types<\/strong>.<\/li>\n\n\n\n<li>Add email addresses or domains used for simulations.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>5. Testing and Verification<\/strong><\/h2>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Send a test phishing simulation email<\/strong> from the provider\u2019s domain.<\/li>\n\n\n\n<li><strong>Check delivery reports<\/strong> in Microsoft Defender.<\/li>\n\n\n\n<li>If emails are blocked, revisit policies to ensure correct configuration.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>6. Troubleshooting<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Emails still being quarantined?<\/strong> Check the <strong>Quarantine Portal<\/strong> and release them manually.<\/li>\n\n\n\n<li><strong>Links being rewritten?<\/strong> Ensure Safe Links policy is updated correctly.<\/li>\n\n\n\n<li><strong>Attachments being blocked?<\/strong> Confirm Safe Attachments settings.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p>Properly configuring whitelisting ensures that phishing simulation emails are delivered successfully while maintaining security. Follow these steps carefully and test to confirm the correct setup.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview This guide provides step-by-step instructions to whitelist phishing simulation emails in Microsoft Office 365. Proper whitelisting ensures that simulated phishing emails [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"doc_category":[43],"doc_tag":[],"class_list":["post-6501","docs","type-docs","status-publish","hentry","doc_category-whitelisting"],"year_month":"2025-04","word_count":396,"total_views":0,"reactions":{"happy":0,"normal":0,"sad":0},"author_info":{"name":"Madhurendra","author_nicename":"madhurendra","author_url":"https:\/\/phishgrid.com\/blog\/author\/madhurendra\/"},"doc_category_info":[{"term_name":"Whitelisting","term_url":"https:\/\/phishgrid.com\/kb-category\/whitelisting\/"}],"doc_tag_info":[],"_links":{"self":[{"href":"https:\/\/phishgrid.com\/wp-json\/wp\/v2\/docs\/6501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phishgrid.com\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/phishgrid.com\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/phishgrid.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/phishgrid.com\/wp-json\/wp\/v2\/comments?post=6501"}],"version-history":[{"count":7,"href":"https:\/\/phishgrid.com\/wp-json\/wp\/v2\/docs\/6501\/revisions"}],"predecessor-version":[{"id":6949,"href":"https:\/\/phishgrid.com\/wp-json\/wp\/v2\/docs\/6501\/revisions\/6949"}],"wp:attachment":[{"href":"https:\/\/phishgrid.com\/wp-json\/wp\/v2\/media?parent=6501"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/phishgrid.com\/wp-json\/wp\/v2\/doc_category?post=6501"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/phishgrid.com\/wp-json\/wp\/v2\/doc_tag?post=6501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}