This document describes how to add the phishing domains used by the SoSafe Phishing Simulation to a policy for the Microsoft Defender for Office 365 (former Microsoft 365 Security Center) that prevents your users from seeing the following warning screen in the browser:
1. First, please go to https://www.office.com/apps?auth=2&home=1 and switch in "Office 365" tab to "Security".
A new tab of Microsoft 365 Defender will open.
2. Click on "Policies and rules" and then on “Threat policies”. Under the Threat policies click on “Safe Links”.
The window for editing secure links opens.
3. Click on "Create" to add a new safe links policy.
4. Name your policy and give it, if necessary, a description.
5. In the "Users and domains" tab, select the domain of your organization as the recipient domain.
6. In the protection settings, select “URLs will be rewritten and checked against a list of known malicious links when user clicks on the link.”.
Scroll down in the settings. Now you can define all URLs for the new policy, which are listed in the SoSafe Manager under Simulation > Whitelisting > List of used domains in the phishing links. The format of the domain should always match the format https://domain/* (e.g., https://learning.sosafe.de/*).