Articles in this section

Safelisting in Microsoft 365 / Outlook

Overview

This article details the setup of third-party phishing simulations specific to PhishingBox's domains and IPs in the advanced delivery policy. After completing this safelisting/whitelisting guide, you will be able to deliver mail to your users outlook inboxes. 

For more information about advanced delivery policy, see the following Microsoft article: Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes.

  1. Microsoft 365 Defender portal
  2. Video Instructions
  3. Safe Links

NOTE: The following documentation only applies to Office 365 accounts leveraging at least one of the following: 

Exchange Online Protection; Microsoft Defender for Office 365 plan 1 and plan 2; Microsoft 365 Defender. 

If your organization does not use any of the products listed, refer to articles— Safelisting by Email Header in Exchange 2013, 2016, or Office 365, Safelisting by IP Address in Exchange 2013, 2016, or Office 365.

NOTE: If the following safelisting fails, please refer to our Creating a Connector in Microsoft 365 article or reach out to support. 

 

Microsoft 365 Defender portal

  1. In the Microsoft 365 Defender portal (security.microsoft.com), navigate to Email & Collaboration > Policies & Rules > Threat policies > Advanced delivery.
  2. On the Advanced delivery page, select the Phishing simulation tab, then do one of the following:
    • Click Edit icon Edit.
    • If there are no configured phishing simulations, click Add.
  3. On the Edit third-party phishing simulation flyout that opens, configure the following:
    • Sending Domain: Expand this setting and enter any domains you plan to test with, then press "Enter" or select the value that is displayed below the box. Domains that are assigned to your templates can be found on the Manage Templates page. 

      NOTE: You may add up to 20 entries. To change a domain on a template, go to Manage Templates and use the multi-select boxes to choose the template(s) and then click "Change Domain". 

    • Sending IP: Expand this setting and enter the following IPs for your respective instance:

EU

US and Online Signup

64.238.34.10 (Phishing)

64.191.166.196 (Phishing)

64.191.166.197 (Training)

64.191.166.197 (Training)

161.38.205.202 (System)

69.72.47.194 (System)

 

 

 

 

  • Simulation URLs to allow

    If Safe Links is re-writing URLs in your phishing emails, you’ll need to add your phishing domains to this list. Jump to the Safe Links section for more details.

When you're finished, do one of the following steps:

  • First time: Click Add, and then click Close.
  • Edit existing: Click Save and then click Close.

The third-party phishing simulation entries that you configured are displayed on the Phishing simulation tab. To make changes, click Edit icon Edit on the tab.

 

Troubleshooting

If emails continue to fail delivery after following the safelisting instructions provided above, please consider trying one or more of the following solutions:

If you are using a third-party firewall like Proofpoint or Mimecast, be aware that the IP address of incoming phishing emails might be rewritten. This can result in the phishing emails appearing to originate from a different IP address than the one you have safelisted.

 

Video Instructions

Below is a video guide to set up the advanced delivery policy as described above. 

 

Safe Links

If Microsoft Safe Links is re-writing URLs in your phishing simulation emails, please complete the following steps:

  1. In the Microsoft 365 Defender portal (security.microsoft.com), navigate to Email & Collaboration > Policies & Rules > Threat policies > Advanced delivery.
  2. On the Advanced delivery page, select the Phishing simulation tab, then click Edit icon Edit.
  3. On the Edit third-party phishing simulation flyout that opens, configure the following setting:
    • Simulation URLs to allow
      • Enter each domain you plan to test with in this format: example.com/*. See the image below for more examples. 
  4. Click "Save" and then click "Close".
Simulation_URLs.png

NOTE: If you're seeing the "This website is classified as malicious." warning when opening a link in a phishing/training email, please complete the safe listing steps detailed in our Safelisting for Microsoft Safe Links article. 
 

image__11_.png

 

Back to top

Was this article helpful?
0 out of 0 found this helpful