This description is based on the status of the Microsoft 365 Portal in June 2023. Changes to the user interface on the part of Microsoft are possible at any time and must be taken into account accordingly in the implementation.
All information without warranty.
Configure Microsoft 365 spoof intelligence
New article: 06.2023
notempty
This article refers to a Resellerpreview
Whitelisting
To ensure that the simulated phishing emails of the Awareness PLUS training are not blocked by the Microsoft mail server or Microsoft Defender, whitelisting must be configured at various points.
Configure spoof intelligence
Fig.1
Log in to the MS365 portal at https://login.microsoftonline.com
Fig.2
Menu Security
Fig.3
Menu Policies and rules
Fig.4
Menu Threat policies
Fig.5
Tenant allow/block list menu
Fig.6
Click Block button
Fig.7
The first value must be the spoofed user (display name in the e-mail), which can be found under: Choose tenant
Start page 
Simulation 
Email Templates , in the column "Sender".
Second value (separated by a comma) must be the IPv4 address as from Whitelisting. Since there are multiple IP addresses, a complete entry for a spoofed user looks like this:
The Spoof type must be "Internal" and the Action must be set to "Allow".
Start page Simulation Email Templates , in the column "Sender".Second value (separated by a comma) must be the IPv4 address as from Whitelisting. Since there are multiple IP addresses, a complete entry for a spoofed user looks like this:
- user1@Anyideas.de, first IPv4 address
- user1@Anyideas.de, second IPv4 address
- user1@Anyideas.de, third IPv4 address
The Spoof type must be "Internal" and the Action must be set to "Allow".