Microsoft 365 - Whitelisting
This article should be your starting point if you use Microsoft 365. Several things must be done to allow our simulated phishing emails reach your employees' inboxes (also known as whitelisting or allowlisting). In addition, this will enable your employees to access the learning pages they are supposed to see if they do click on one of these emails.
Following these instructions ensures that our simulated phishing emails - and only those - can bypass your email filters.
What to know before you start
We recommend starting work on this early. You might have to involve your IT department in the process and technical issues can come up.
However, do note whitelisting cannot be finalized until the phishing templates have been picked as this can influence some of the technical details.
Step-by-step instructions
We have split the main things you have to do in 3 articles. You should follow them in this order:
Advanced delivery for third-party phishing simulations (Microsoft 365)
Setting up Spoof Intelligence to let simulated phishing emails through (Microsoft Defender)
Once you have followed these instructions, you should make sure the emails are getting through by selecting Send test mails in the SoSafe Manager (Settings / Whitelisting). Do not worry: after selecting the button, you will be able to specify which email adress the test mails will be sent to.
If the above did not work, you can find further information in the following articles:
IP Permission List, Transport Rules (Microsoft 365)
Whitelisting envelope sender addresses (Microsoft 365)
To further improve the effectiveness of our training solutions, we recommend automatically allowing the images in our simulated emails to be displayed, as explained in the following articles: