Outlook - Automatically set safe senders

In many Systems, the automatic downloading of images in emails is disabled by default. To make the simulated pishing emails from AwarenessPlus more convinving, certain domains should be added as exeptions. The following shows the settings that need to be configured so that the image display can be automated in exeptional cases.

• In Outlook, go to File → Options → Trust Center → select Trust Center Settings
• Activate the checkbox Allow downloads from websites in the following security zone and confirm with ok
• Next, in Windows, open Internet Options → Security → Trusted Sites → Sites
• Add https://public.sosafe.de and https://api.sosafe.de then click close
• Switch on to the Advanced tab and select 'Reset'
• Ensure that the checkbox Encrypted pages are not stored on the disk is not selected

The changes must be made for each user. Depending on the IT infrastructure, the settings can also be distributed via a Windows Server Group Policy:

• In the Group Policy, go to Computer → Configuration \ Administrative Templates \ Windows Components \ Internet Explorer \ Internet Options \ Security Page \ Site to Zone Assignement
• Here, assign the value "2" to "https://*.sosafe.de"

If Outlook allows downloading images from trusted sites, the process is complete.
Otherwise, the DWORD key JunkMailImportLists needs to be set to "1". This key is located in the registry under HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\1x.0\Outlook\Options\Mail.

1x.0 represents the version of the software. For Office, 2010, it's 14.0, for Office 2013 it's 15.0 and for Office 2016 and 2019, it's 16.0.

Retrieve Credentials for Exchange Online	$UserCredential = Get-Credential
Establish connection with Exchange Online	Connect-ExchangeOnline -UserPrincipalName $UserCredential.UserName -ShowProgress$true
Define list of trusted senders and domains	$TrustedDomains = @("domain1.com", "domain2.com", "trustedemail@domain3.com")
Retrieve all users in the domain	$Users = Get-Mailbox -ResultSize Unlimited
For each user, add the list of trusted senders/domains	foreach ($User in $Users) { $SafeSenders = (Get-MailboxJunkEmailConfiguration -Identity $User.UserPrincipalName).TrustedSendersAndDomains $UpdatedSafeSenders = $SafeSenders + $TrustedDomains Set-MailboxJunkEmailConfiguration -Identity $User.UserPrincipalName - TrustedSendersAndDomains $UpdatedSafeSenders }
Varify	Get-MailboxJunkEmailConfiguration -Identity "Benutzer@Wachsfabrik.de"
Optional: Error handling	$UpdatedSafeSenders = $UpdatedSafeSenders | Sort-Object -Unique
Log out of the PowerShell Session	Disconnect-ExchangeOnline -Confirm:$false

Even without the following settings, emails will be delivered, however, loading external images enhances the credibility of AwarenessPLUS test emails.

In Microsoft 365, users can manually add safe senders in the Junk Email options. However, this process can be cumbersome, so it is recommended to configure these settings using PowerShell for the entire organization. The following steps need to be followed:

• Open PowerShell
• Users who are part of the awareness training can be pulled from Active Directory
• Apply the following command (CMDLET):

{ Set-MailboxJunkEmailConfiguration -Identity $User.UserPrincipalName -TrustedSendersAndDomains @{Add="noreply@sosafe.de"} }

"Identity" must be a variable (e.g., User emails or IDs)!

• After this, the sender "noreply@sosafe.de" will be treated as a safe sender.