Safelist Phishing/Training Emails

How Do I Safelist a Domain That I Am Testing (Office 365)?

1. Go to security.microsoft.com and login to your account. Be advised that administrator permissions will be required.
2. In the left-hand menu click on Threat Management, then select Policy from the drop-down.
3. On the Threat Policies page, under the Rules heading, click Advanced Delivery.
4. On the Advanced Delivery page you will see two tabs, the Spec Ops tab and the Phishing Simulation tab.  Click on Phishing Simulation.
5. On the Phishing Simulation page beneath the heading, click "Edit".
6. In the side window titled Edit third party phishing simulations, click on the Domain drop-down. Add your domain in the field that is provided. The domain(s) you add here will be the phishing domain(s) you use in your templates. You may add up to 20 domains.
7. Once all domains are entered, select the Sending IP drop-down. In the field that appears, enter 64.191.166.196 (US) or 64.238.34.10 (EU).
8. If Safe Links is used in your tenant, you'll need to configure Simulation URLs to allow. Click this drop-down and enter each domain you plan to test with in this format: example.com/*
9. Finally, click "Save".

NOTE: If Office 365 is not your mail solution, please refer to the Safelisting section of our user guide.