Advanced delivery for phishing simulations in Microsoft 365 Defender gives you the ability to whitelist SoSafe. In this article we will explain step by step how to configure advanced delivery on your end.

 

Step 1


Log in to your mail server portal as an administrator and click on “Security”

 

 

 

Step 2 

 

Navigate to  “Policies & rules“(2a) and then to Threat policies” (2b) .

 

 

 

 

Step 3

 

In the section “Rules” click on “Advanced delivery”

 

Step 4


On the "Advanced delivery" page, select the “Phishing simulation” tab (4a), and click “Edit” (4b).

 

Step 5


On the “Edit third-party phishing simulations” window that opens you can enter the whitelisting information via the dropdown menu. You can find the whitelisting information in the SoSafe-Manager.

 

Step 6

 

In the “Sending Domain (x items)” field, please enter the domains of the technical senders. 

The domain of the technical senders is the part coming after the "@" of the e-mail address, e.g. name@example.com.

 

Step 7

 

Please enter our IPv4 address in the field "Sending IP (x items)".

 

Step 8 (Optional)

 

If the URLs in our phishing emails are blocked, you should implement step 8 by entering the domains/URLs used in the phishing links in the "Simulation URLs to allow (x items)" field. Please use the following format: "*.example.com/*". Now click on "Save".


Important: 


Please note that only 10 entries are allowed at this point. Therefore, it is additionally necessary to whitelist the phishing domains in Microsoft Defender.  


This is described in the following article: Microsoft Defender: Configuration of Safe Links



Please note that it may take some time for the settings to take effect.