This document describes how to add the phishing domains used by the SoSafe Phishing Simulation to a policy for the Microsoft 365 Security Center that prevents your users from seeing the following warning screen in the browser.  

 

 

1. First, please log in at https://login.microsoftonline.com/ and switch to "Security" under "All apps" 

 

2. Click on "Policies" and then on "ATP-Secure Links (Office 365)" 

  • The window for editing secure links opens 

 

 

3. Click on "Create" to add a new safe links policy 

 

4. Name your policy and give it, if necessary, a description, then select “URLs will be rewritten and checked against a list of known malicious links when user clicks on the link.” under "Settings" 

 

 

  1. 5. Scroll down in the settings. Now you can define all URLs for the new policy, which are listed in the SoSafe Manager under Simulation > Whitelisting > List of used domains in the phishing links. The format of the domain should always match the format https://domain/* (e.g., https://learning.sosafe.de/*).  
  1. 6. In the " Applied to" tab, select the domain of your organization as the recipient domain.