Note This description is based on the status of the Microsoft 365 Portal in June 2023. Changes to the user interface on the part of Microsoft are possible at any time and must be taken into account accordingly in the implementation. All information without warranty.
Configuration of Whitelisting for Awareness PLUS in Microsoft 365 (formerly Office 365)
Last adaption: 06.2023
New:
Re-arrangement of the configuration steps
New sections:
Advanced delivery for Microsoft 365 Defender
Secure links in Microsoft 365 Defender
Configure spoof intelligence
Whitelisting of technical senders
Exchange Online Protection spam filter and clutter folder
This article refers to a Resellerpreview
Whitelisting
In order to ensure that the simulated phishing emails from the Awareness PLUS training are not blocked by the Microsoft mail server or Microsoft Defender, whitelisting must be configured at various points. The individual steps should be performed in the given order.
Basic configuration
Advanced delivery for phishing simulations for Microsoft 365 Defender
Click on Phishing-Simulation and then on Edit to add entries.
Enter the domain of the technical sender here (the entire part following the "@" of the email address, e.g. admin@ttt-point.de → ttt-point.de). Enter the IPv4 addresses (Listing of all used addresses).
Enter the simulation URLs used in the phishing links into the field. The format for entering the URLs is "anyideas.de".
Then click Add.
Microsoft 365 Defender warning
The domains used in the phishing simulation can be stored in Microsoft 365 Defender (formerly Advanced Threat Protection - ATP) so that no warning message is displayed.
The first value must be the spoofed user (display name in the e-mail), which can be found under Choose tenant → Start page → Simulation → Email Templates, in the column "Sender". The second value (separated by a comma) must be the IPv4 address, as in the whitelisting. Since there are multiple IP addresses, a complete entry for a spoofed user looks like this:
user1@Anyideas.de, first IPv4 address
user1@Anyideas.de, second IPv4 address
user1@Anyideas.de, third IPv4 address
The Spoof type must be "Internal" and the Action must be set to "Allow".
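The entry list described above can be generated and checked before it is pasted into the portal. The following is an added example, not part of the original instructions or of the Awareness PLUS product: it builds one "spoofed user, IPv4 address" line per sender and address and rejects anything that is not a single IPv4 address, so that a typo or an address range does not turn into a broader allow entry than intended. The sender names and IP addresses are constructed sample values (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample values. Replace them with the senders from the template
# column "Sender" and the IPv4 addresses from the provider's whitelisting list.
SPOOFED_USERS = ["user1@Anyideas.de", "hr@anyideas.de"]
SENDING_IPS = ["192.0.2.10", "192.0.2.11", "198.51.100.7"]

_ADDR = re.compile(r"^[^@\s,]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")


def sender_domain(address):
    """Return the entire part following the '@', as entered under advanced delivery."""
    match = _ADDR.match(address.strip())
    if not match:
        raise ValueError(f"not a usable e-mail address: {address!r}")
    return match.group(1).lower()


def single_ipv4(value):
    """Accept exactly one IPv4 address; reject ranges, IPv6 and typos."""
    try:
        return str(ipaddress.IPv4Address(value.strip()))
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"not a single IPv4 address: {value!r}") from exc


def spoof_entries(users, ips):
    """Build one 'spoofed user, IPv4 address' line per user/IP pair."""
    # De-duplicate and sort the addresses numerically for a stable, reviewable list.
    clean_ips = sorted({single_ipv4(ip) for ip in ips}, key=ipaddress.IPv4Address)
    seen, lines = set(), []
    for user in users:
        sender_domain(user)  # raises ValueError on a malformed sender
        key = user.strip().lower()
        if key in seen:  # skip senders listed twice (case-insensitive)
            continue
        seen.add(key)
        lines += [f"{user.strip()}, {ip}" for ip in clean_ips]
    return lines


if __name__ == "__main__":
    print("\n".join(spoof_entries(SPOOFED_USERS, SENDING_IPS)))
```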
Further steps
If the above instructions for whitelisting Microsoft products are not sufficient, the following additional steps may help: