Whitelisting in Microsoft 365
This article will cover how to allow our training email and phishing simulator email servers in Microsoft Exchange and Microsoft 365 Defender.
In this Article:
Step 1: Basic Whitelisting (Exchange)
Step 2: Basic Whitelisting (Defender)
Step 3: Phishing URL Whitelist (Defender)
Step 4: Advanced Delivery Policy (Defender)
Step 1: Basic Whitelisting (Exchange)
Instructions in this article take place in the Exchange Admin Center (EAC); you need the Exchange Administrator role to perform the tasks described.
- Sign in to Microsoft's Exchange Admin Center
- In the menu on the left, scroll down and select Mail Flow
- Select Rules
- Select + Add a rule, then click Bypass Spam filtering...
NOTE: If your organisation is using Microsoft 365 Defender, the "Bypass Spam filtering" rule will not appear in the drop-down. Proceed to Step 2.
- Name the rule “Phishing Simulator Whitelist”
- Under Apply this rule if... select The sender... and select domain is...
- Click the Edit button, add our domains, then click Add. Then click Save.
Our whitelisting technical information can be found here: Whitelisting Technical Information.
- The Bypass spam filtering rule is automatically configured for you. Scroll down and click Next.
- Leave all settings in "Set rule settings" as their default values and click "Next".
- Review your settings and click "Finish".
Proceed with the Advanced Whitelisting setup in Steps 2 to 4 if your organisation is using Microsoft 365 Defender.
Whitelisting in Microsoft 365 Defender
This step will cover how to allow our training email and phishing simulator email servers in Microsoft 365 Defender, formerly known as Advanced Threat Protection (ATP).
Step 2: Basic Whitelisting (Defender)
Sign in to Microsoft 365 Defender portal
- Scroll down and select Email & Collaboration
- Select Policies & Rules
- Select Threat policies in the list.
- Under Policies, Select Anti-spam
- Select Anti-spam inbound policy (Default)
- Scroll down to Allowed and blocked senders and domains and select Edit allowed and blocked senders and domains in the fly-out.
- In the fly-out under Allowed, select Allowed domains
- Click the Add Domains + button to add our domains one at a time and press Enter/Return to add them to the list.
Our whitelisting technical information can be found here: Whitelisting Technical Information.
- When finished select the Add domains button
- Select Done
- Click Save
Step 3: Phishing URL Whitelist (Defender)
Following this step avoids false-positive clicks caused by our phishing URLs being detonated by Defender's pre-scanning software.
Sign in to Microsoft 365 Defender portal
- Scroll down and select Email & Collaboration
- Select Policies & Rules
- Select Threat policies in the list
- Scroll down to the Policies section and select Safe Links
- If the policy list is empty, select +Create.
- If you have a policy here already, click the policy entry to reveal its full details and select Edit protection settings to continue.
- The New Safe Links policy wizard opens. On the Name your policy page, configure the following settings:
- Name: Enter a unique, descriptive name for the policy.
- Description: Enter an optional description for the policy.
When you're finished, click Next.
- On the Users and domains page that appears, identify the internal recipients that the policy applies to (recipient conditions):
- Users: The specified mailboxes, mail users, or mail contacts in your organization.
- Groups: The specified distribution groups, mail-enabled security groups, or Microsoft 365 Groups in your organization.
- Domains: All recipients in the specified accepted domains in your organization.
- Exclude these users, groups, and domains: To add exceptions for the internal recipients that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions.
When you're finished, click Next.
- On the URL & Click protection settings page that appears, configure the following settings:
For the "Email" section we recommend disabling:
- Apply Safe Links to email messages sent within the organization.
- Wait for URL scanning to complete before delivering the message.
- Scroll down to the Do not rewrite the following URLs in email section and select the link Manage 0 URLs
- Click "Add URLs".
- In the "Add URLs" section, add our Application Domains. Each domain must be added using the format [rootdomain]/*; for example, our application domain app.goldphish.com is entered as app.goldphish.com/*
Our whitelisting technical information can be found here: Whitelisting Technical Information.
When finished select Save, scroll down and click Done.
- The settings within "Teams", "Office 365 Apps", and "Click protection settings" can be left as the default setting.
When finished, click Next.
- On the Notification page that appears, select the value "Use the default notification text".
When you're finished, click Next.
- On the Review page that appears, review your settings. You can select Edit in each section to modify the settings within the section. Or you can click Back or select the specific page in the wizard.
When you're finished, click Submit.
- On the confirmation page that appears, click Done.
Step 4 (Optional): Advanced Delivery Policy (Defender)
This step accomplishes the same outcome as Steps 2 and 3 and can be used as an advanced method if you are experiencing issues.
Sign in to Microsoft 365 Defender portal
- Scroll down and select Email & Collaboration
- Select Policies & Rules
- Select Threat policies in the list
- Click on Advanced delivery to manage overrides for special system use cases.
- Click the Phishing simulations tab in the horizontal navigation.
- Click the blue Add button to configure this for the first time.
- Alternatively, click the Edit button (pencil icon) if a policy already exists.
- Enter our domains in the Domain box and our IPs in the Sending IP box.
Our whitelisting technical information can be found here: Whitelisting Technical Information.
- The last field, Simulation URLs to allow, is optional, but we recommend including the URLs we use for landing pages in the phishing simulations. We recommend you use:
- app.goldphish.com/*
Failing to add a domain in this step will not prevent emails from being delivered to recipients. However, with Microsoft Defender for Office 365, links may still be blocked by Outlook when users click on them, even if URL rewriting has been disabled.
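For administrators who prefer to script the four steps above, here is an Exchange Online PowerShell equivalent. It is an added example, not Goldphish's own code or a Microsoft script; the cmdlet and parameter names are those of the ExchangeOnlineManagement module as we know them, and the second domain, the sending IP range and the Safe Links policy name are placeholders to be replaced with the values from the Whitelisting Technical Information page.

```powershell
# Added example: Exchange Online PowerShell equivalents of Steps 1-4.
# Assumes the ExchangeOnlineManagement module is installed and you hold the Exchange Administrator role.
Connect-ExchangeOnline

$Domains   = @('app.goldphish.com', 'PLACEHOLDER-mail-domain.example')   # placeholder: replace with our listed domains
$SenderIps = @('192.0.2.0/24')                                           # placeholder: replace with our listed sending IPs
$SimUrls   = @('app.goldphish.com/*')                                    # landing-page URL pattern from Step 3 / Step 4

# Step 1 (Exchange): mail flow rule that sets SCL to -1, which is the "Bypass spam filtering" action.
New-TransportRule -Name 'Phishing Simulator Whitelist' `
    -SenderDomainIs $Domains -SetSCL -1

# Step 2 (Defender): allowed domains on the default anti-spam inbound policy.
Set-HostedContentFilterPolicy -Identity Default `
    -AllowedSenderDomains @{Add = $Domains}

# Step 3 (Defender): Safe Links policy that does not rewrite our landing-page URLs,
# is not applied to internal mail and does not hold delivery for URL scanning.
$PolicyName = 'Phishing Simulator Safe Links'   # placeholder name
if (-not (Get-SafeLinksPolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-SafeLinksPolicy -Name $PolicyName -EnableSafeLinksForEmail $true `
        -EnableForInternalSenders $false -DeliverMessageAfterScan $false `
        -DoNotRewriteUrls $SimUrls
    # Bind the policy to every accepted domain (the "Domains" recipient condition in the wizard).
    $AcceptedDomains = Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString() }
    New-SafeLinksRule -Name $PolicyName -SafeLinksPolicy $PolicyName `
        -RecipientDomainIs $AcceptedDomains
} else {
    # Policy already exists: only add our URLs and apply the two recommended settings.
    Set-SafeLinksPolicy -Identity $PolicyName -DoNotRewriteUrls @{Add = $SimUrls} `
        -EnableForInternalSenders $false -DeliverMessageAfterScan $false
}

# Step 4 (Defender, optional): Advanced delivery > Phishing simulations override.
New-PhishSimOverridePolicy -Name PhishSimOverridePolicy
New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy `
    -Domains $Domains -SenderIpRanges $SenderIps
# "Simulation URLs to allow" are stored in the Tenant Allow/Block List with the AdvancedDelivery sub-type.
New-TenantAllowBlockListItems -ListType Url -ListSubType AdvancedDelivery `
    -Entries $SimUrls -NoExpiration

Disconnect-ExchangeOnline -Confirm:$false
```

Run the Step 1 block only on tenants that do not use Defender, exactly as the note under Step 1 says; on Defender tenants start at Step 2.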
Now that you are finished with your whitelisting for your Microsoft 365 account, we recommend running a test phishing campaign to yourself or a small group of employees to verify the whitelisting was successful before launching awareness training or phishing simulations to your staff.
Troubleshooting
- If you have any messages that get placed in users' junk email folders, add all our phishing domains to the whitelist described in Step 1 and Step 2 (Defender users).
- If you are seeing a 100% click rate on phishing campaigns, these are likely false positives caused by Defender detonating the URLs. Add all our domains to the whitelist described in Step 3.
- If Step 3 does not resolve a false-positive problem, it may be due to additional third-party pre-scanning software (Proofpoint, Mimecast, Barracuda, etc.) accidentally detonating the phishing URLs. You will need to follow our guides to whitelist that software as well.
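To match a junk-folder or 100% click-rate symptom to the step whose whitelist is missing, the following read-only check reports which of Steps 1-4 is incomplete. It is an added example, not Goldphish's own tooling; the domain and URL values are placeholders, and the property names read from the policy objects (SetSCL, SenderDomainIs, AllowedSenderDomains, DoNotRewriteUrls, DeliverMessageAfterScan, Domains) are assumed to be those exposed by Exchange Online PowerShell.

```powershell
# Added example: verify the whitelist from Steps 1-4 and list what is still missing.
Connect-ExchangeOnline
$Domains = @('app.goldphish.com', 'PLACEHOLDER-mail-domain.example')   # placeholder: our listed domains
$SimUrls = @('app.goldphish.com/*')                                    # landing-page URL pattern

# Normalise multi-valued policy properties to plain strings so -contains compares reliably.
function AsStrings($values) { @($values | ForEach-Object { "$_" }) }

function Test-SimulatorWhitelist {
    $findings = @()

    # Step 1: a mail flow rule with SCL -1 (bypass spam filtering) must cover each sender domain.
    $bypassDomains = Get-TransportRule | Where-Object { $_.SetSCL -eq -1 } |
        ForEach-Object { AsStrings $_.SenderDomainIs }
    foreach ($d in $Domains) {
        if ($bypassDomains -notcontains $d) { $findings += "Step 1: no bypass-spam rule covers $d" }
    }

    # Step 2: allowed domains on the Default anti-spam inbound policy (junk-folder symptom).
    $allowed = AsStrings (Get-HostedContentFilterPolicy -Identity Default).AllowedSenderDomains
    foreach ($d in $Domains) {
        if ($allowed -notcontains $d) { $findings += "Step 2: $d missing from Default anti-spam allowed domains" }
    }

    # Step 3: Safe Links must not rewrite our URLs and must not wait for scanning (100% click-rate symptom).
    $safe = Get-SafeLinksPolicy
    $noRewrite = $safe | ForEach-Object { AsStrings $_.DoNotRewriteUrls }
    foreach ($u in $SimUrls) {
        if ($noRewrite -notcontains $u) { $findings += "Step 3: $u missing from DoNotRewriteUrls" }
    }
    foreach ($p in ($safe | Where-Object { $_.DeliverMessageAfterScan })) {
        $findings += "Step 3: policy '$($p.Name)' still waits for URL scanning before delivery"
    }

    # Step 4 (optional): phishing simulation override rule under Advanced delivery.
    $simDomains = Get-PhishSimOverrideRule -ErrorAction SilentlyContinue |
        ForEach-Object { AsStrings $_.Domains }
    foreach ($d in $Domains) {
        if ($simDomains -notcontains $d) { $findings += "Step 4: $d not in any phishing simulation override" }
    }

    if ($findings.Count -eq 0) { 'All whitelist steps are in place.' } else { $findings }
}

Test-SimulatorWhitelist
Disconnect-ExchangeOnline -Confirm:$false
```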
If these steps don’t resolve the issue, let us know by submitting a ticket to our support team.
You can contact us anytime by submitting a support request to: Support@goldphish.com