Microsoft 365 - Whitelisting / DMI
This article should be your starting point if you use Microsoft 365. Several things must be done to allow our simulated phishing emails to reach your employees' inboxes (also known as whitelisting or allowlisting). In addition, this will enable your employees to access the learning pages they are supposed to see if they do click on one of these emails.
Following these instructions ensures that our simulated phishing emails - and only those - can bypass your email filters.
What to know before you start
We recommend starting work on this early. You might have to involve your IT department in the process and technical issues can come up.
There are two separate paths you can follow. We recommend the first, Direct Message Injection (DMI), since it is considerably easier to set up and more flexible. If DMI does not work for you, traditional whitelisting is possible as well.
Direct Message Injection (DMI) is a method of delivering simulated phishing emails directly to users' inboxes without routing them through email gateways. This significantly reduces the complexity of whitelisting and eliminates the chance of filters blocking or flagging our emails. DMI ensures consistent delivery and faster deployment.
As an alternative to DMI, you can use traditional whitelisting. This approach involves configuring your email system to recognize and allow messages from specific IP addresses, domains, or senders. While it can be effective, it typically involves a more complex setup, ongoing maintenance, and a greater risk of SoSafe emails being quarantined or flagged as spam.
DMI steps
Please follow the articles in the following order:
1. Direct Message Injection (DMI) setup guide for Microsoft 365/Entra
   This allows simulated phishing emails sent by SoSafe to reach your users' inboxes.
2. Whitelisting domains with safe links (Microsoft Defender)
   This removes warnings shown when clicking on links in simulated phishing emails sent by SoSafe.
3. Reloading images for certain senders (Microsoft 365)
   This makes sure images are being displayed properly.
Traditional whitelisting steps
We have split the main things you have to do into the following articles. You should follow them in this order:
1. Advanced delivery for third-party phishing simulations (Microsoft 365)
   This allows simulated phishing emails sent by SoSafe to reach your users' inboxes.
2. Whitelisting domains with safe links (Microsoft Defender)
   This makes sure simulation links remain functional and look authentic.
3. Setting up Spoof Intelligence to let simulated phishing emails through (Microsoft Defender)
   This prevents banners that make simulated phishing emails less realistic.
4. Making sure images are being displayed properly:
   For New Outlook or Classic Outlook with Microsoft 365: Reloading images for certain senders (Microsoft 365)
   For Classic Outlook in on-premise environments: Enable images in emails (Outlook Trust Center)
If your organization uses additional email security tools or gateways alongside Microsoft 365, please ensure that the whitelisting steps are also applied within those systems to guarantee successful email delivery.
Once you have followed these instructions, you should make sure the emails are getting through by selecting Send test mails in the SoSafe Manager (Settings / Whitelisting). Do not worry: after selecting the button, you will be able to specify which email address the test mails will be sent to.