TABLE OF CONTENTS
- Section 1: Configuring your Microsoft 365 Defender
- Section 2: Setting up your IP allow list (Historic 365 setting)
- Section 3: Bypassing your Clutter Folder and Spam Filter (Historic 365 setting)
- Section 4: Bypassing your Junk Folder for Office 365 mail servers (Historic 365 setting)
Section 1: Configuring your Microsoft 365 Defender
- Log in to your Microsoft 365 Defender portal
- Follow this path to Email & Collaboration -> Policies & Rules -> Threat policies -> Advanced Delivery-> Phishing Simulation -> Add.
- On the Edit third-party phishing simulation flyout that opens, enter domains, Sending IP's and Simulation URL's for our Product. To find these details please log in to Phish Insight and click the chat widget at the lower-right corner. Then click Allow List, and open Add Phish Insight to your Exchange / Microsoft 365 Allow List. Note our simulation URL's will change over time so please check the list before you launch a campaign.
Note: For more information on Microsoft 365 Defender settings, please visit this link.
Note: If you are still unable to receive the phishing campaign after configuring Section 1 - Microsoft 365 Defender, proceed to Sections 2–4.
Section 2: Setting up your IP allow list
- Log into your Microsoft 365 Defender admin portal.
- Select on Connection-filter policy (Default).
- Click Edit connection filter policy.
- Under the Always allow messages from the following IP addresses or address range, add the Phish Insight IP address then click Save.
Note: To access this information, log in to Phish Insight, click the chat widget at the lower-right corner, click Allow List, and open Add Phish Insight to your Allow List. Please ensure that you are logged in to your account to see this option.
Section 3: Bypassing your Clutter Folder and Spam Filter
To ensure our messages will bypass your Clutter folder as well as spam filtering within Microsoft's EOP, you can follow the steps below.
- Go to Admin -> Exchange Admin Center -> Mail Flow -> Rules.
- Click the (+) and select Bypass Spam Filtering.
- Give the rule a name, such as (Bypass Clutter & Spam Filtering by IP Address)
- Click on "More options"
- Add the condition "Apply this rule if..."
- Select "The sender", then clock on More options and select "IP address is in any of these ranges or exactly matches:
- Specify the following Phish Insight IP addresses, then click OK.
- Beneath "Do the following", click "Modify the message properties" then "Set a Message Header"
- Set the message header to this value:
Set the message header "X-MS-Exchange-Organization-BypassClutter" to the value "true". NOTE: Both "X-MS-Exchange-Organization-BypassClutter" and "true" are case sensitive. - Add an additional action beneath "Do the following" to "Modify the message properties". Here, click on "Set the spam confidence level (SCL) to..." and select "Bypass Spam Filtering".
- Click Save.
Section 4: Bypassing your Junk Folder for Office 365 mail servers
This rule will allow only simulated phishing emails from us to bypass the Junk folder to ensure that your recipients are receiving simulated phishing emails in their inboxes.
- Go to Admin -> Exchange Admin Center -> Mail Flow -> Rules.
- Click the (+) Create New Rule button beneath Mail Flow > Rules.
- Click More Options.
- Give the rule a name, such as Phish Insight - Skip Junk Filtering
- Click on more options.
- Add the condition Apply this rule if.....
- Select A message header > includes any of these words.
- On the right side of that rule, you will see Enter text and Enter words...
- Click the Enter text and type in the header X-PhishInsightCustom and then click Enter words ... and paste the Customize mail header value from Phish Insight portal then click the big + sign.;/
- In Phish Insight portal, go to Settings > Company details and copy the contents of the Key and Value fields.
- In Phish Insight portal, go to Settings > Company details and copy the contents of the Key and Value fields.
- Beneath Do the following, click Modify the message properties then Set a Message Header.
- Set the message header X-Forefront-Antispam-Report to the value SFV:SKI;
- Add an additional action beneath "Do the following" to "Modify the message properties". Here, click on "Set the spam confidence level (SCL) to..." and select "Bypass Spam Filtering".
- Click Save.