Microsoft/Office 365 Whitelisting

This guide provides step-by-step instructions to whitelist phishing simulation emails in Microsoft Office 365, ensuring simulated emails reach users' inboxes without being blocked.

1. Whitelist Using Microsoft Defender for Office 365

Add Simulation Domains to Allowed List

1. Sign in to the Microsoft Defender Security Portal.
2. Under Email & Collaboration, select Threat policies.
3. Click Anti-phishing and select the Default policy (or create a custom one).
4. Under Advanced settings > Allowed senders and domains, add the PhishGrid simulation domains from your IP & Domains list.
5. Click Save.

Create a Safe Senders Policy

1. Open Microsoft Defender > Policies & Rules > Threat policies > Anti-spam policies.
2. Click Create policy (or edit an existing one).
3. Add simulation sender domain(s) under Allowed domains and addresses.
4. Click Save.

2. Configure Exchange Online Protection (EOP)

Bypass Spam Filtering

1. Sign in to Exchange Admin Center (admin.exchange.microsoft.com).
2. Navigate to Mail flow > Rules.
3. Click Add a rule > Bypass spam filtering.
4. Set condition: If the sender's domain is > enter simulation domain(s).
5. Under Actions, select Set the spam confidence level (SCL) to -1.
6. Click Save.

Allow via Connection Filtering

1. Go to Microsoft Defender > Policies & Rules > Anti-spam > Connection Filtering.
2. Add the IP addresses used for sending phishing simulations.
3. Click Save.

3. Configure Safe Links Policy

1. Navigate to Threat Policies > Safe Links.
2. Under Global Settings > Do not rewrite URLs, add the simulation domains.
3. Click Save.

4. Configure Safe Attachments Policy

1. Navigate to Threat Policies > Safe Attachments.
2. Add email addresses or domains used for simulations.
3. Click Save.

5. Troubleshooting

• Emails still quarantined? Check the Quarantine Portal and release manually.
• Links being rewritten? Ensure Safe Links policy is updated correctly.
• Attachments blocked? Confirm Safe Attachments settings.