Whitelisting simulated phishing in Office 365
This guide is intended for administrators to allow simulated phishing from Secure Practice.
You need a security administrator role in Office 365 to be able to complete this guide.
In the main menu (left navigation), find «Policies & Rules».
- Click the «Threat policies» link in the list that comes up, to reveal the following:
Here, click on «Advanced delivery» to manage overrides for special system use cases.
- On the next page, click the «Phishing simulations» tab in the horizontal navigation:
This is where Microsoft allows us to configure the rules we need.
- Click the blue «Add» button (see above) to configure this for the first time.
- Alternatively, click the the «Edit» button (pencil icon, see below) if a policy already exists.
In the «Domain» field, insert the following:
In the «Sending IP» field, insert the following:
In the «Simulation URLs to allow» field, make sure you include all web domains used with the phishing simulator, including:
This last field for simulation URLs is however optional, but is recommended to include whatever URLs for domain names you are going to use for landing pages in your phishing simulations.
Using other email and security systems in your organization?
Please review our simulated phishing overview and ensure you bypass other filters, too.