Microsoft 365 Whitelisting
These instructions will help you configure the delivery of third-party phishing simulations to Microsoft 365 Defender.
NOTE: You must be assigned permissions (Organization Management or Security Administrator) in Exchange Online before you can perform these procedures. Users may receive a false positive if they report an email using the Report Message add-in.
Using Advanced Delivery
- Open the Microsoft 365 Defender portal.
- Go to Email & Collaboration > Policies & Rules > Threat policies page > Rules section > Advanced delivery.
- On the Advanced delivery page, select the Phishing simulation tab, and then do one of the following steps:
- Click Edit, or
- If there are no configured phishing simulations, click Add.
- In the Edit third-party phishing simulation flyout that opens, configure the following settings.
- Domain: Expand this setting and enter at least one email address domain by clicking in the box, entering a value, and then pressing Enter. A list of domains necessary for VENZA Phishing™ is included at the end of this Quick Reference Guide.
- Sending IP: Expand this setting and enter a valid IPv4 address by clicking in the box, entering 108.163.193.74, and then pressing Enter.
- Simulation URLs to allow: Expand this setting and enter URLs provided by your VENZA Customer Success Coach. Note: this field is not required for all phishing campaigns.
- Once you’re finished, click Add and then Close.
Using the IP Allow List
CAUTION: Without additional verification like mail flow rules, email from sources in the IP Allow List skips spam filtering and sender authentication (SPF, DKIM, DMARC) checks. This creates a high risk of attackers successfully delivering email to the Inbox that would otherwise be filtered.
- Open the Microsoft 365 Defender portal.
- Go to Email & Collaboration > Policies & Rules > Threat Policies > Anti-spam
- Click Connection filter policy and then Edit connection filter policy.
- Add the IP address below to the Always allow messages from the following IP addresses or address range field:
- 108.163.193.74
- Press enter and click save to enable the new settings.
Using The Allowed Sender or Allowed Domain Lists
CAUTION: This method creates a high risk of attackers successfully delivering email to the Inbox that would otherwise be filtered; however, the allowed senders or allowed domains lists don’t prevent malware or high confidence phishing messages from being filtered.
- Open the Microsoft 365 Defender portal
- Go to Email & Collaboration > Policies & Rules > Threat Policies > Anti-spam
- Click + to create a policy and select Inbound from the drop-down list.
- The policy wizard opens. On the Name your policy page, configure these settings:
- Name: enter a unique, descriptive name for the policy.
- Description: Enter an optional description for the policy.
- When you’re finished, click Next.
- On the Users, groups, and domains page, identify the internal recipients that the policy applies to (recipient conditions):
- Users: The specified mailboxes, mail users, or mail contacts.
- Groups: Members of the specified distribution groups or mail-enabled security groups.
- Domains: All recipients in the specified accepted domains in your organization.
- When you’re finished, click Next.
- On the Bulk email threshold & spam properties page that appears, configure settings as needed. When you’re finished, click Next.
- On the Actions page that appears configure settings as needed.
- On the Allow & block list flyout that appears, click Allowed > Domains > Allow domains.
- Click + to Add domains.
- Enter the domains listed at the end of this QRG in the Domain box.
- Click Add domains, then Next when you’re ready to continue.
- On the Review page that appears, review your settings. You can select Edit in each section to modify the settings within the section. Or you can click Back or select the specific page in the wizard.
- When you’re finished, click Create.