Magenta Security Awareness: Microsoft 365 Whitelisting

Advanced delivery policies

In Microsoft 365, to ensure that all simulated phishing emails reach their intended recipients, advanced delivery must be set up by following these steps:

1. Open Microsoft 365 Defender

2. Under Email & collaboration, select Policies & rules, and then Threat policies

3. Under Threat policies, go to the Rules group and select Advanced delivery

4. Here, select the tab called Phishing simulation and then select Edit. A new window titled Edit third party phishing simulations will open

5. In the corresponding fields, enter the whitelisting information provided in the “SoSafe Whitelisting Manual.pdf”, as follows:

   1. The domains provided under Envelope sender addresses (technical senders) belong in Sending Domain on the Microsoft page. Note that only the domain, the part after the @ (name@domain.com), should be added here, not the entire address.

   2. The IPv4 addresses provided under SoSafe mail servers belongs in Sending IP on the Microsoft page.

   3. The domains/URLs provided under List of used domains in the phishing links belong under Simulation URLs to allow on the Microsoft page. Please use the following format: "~example.com~".

6. Select Save to finish the process. It may take some time for the changes to take effect, but you should now see all the new entries listed under Phishing simulation.

What to read next and related articles

• Magenta Security Awareness: Whitelisting guide

• Magenta Security Awareness: Microsoft 365 additional configurations