Allowlisting in Microsoft

Guidance for Allowlisting in Microsoft:

Configuring Advanced Delivery for Phishing Simulations

• In the Microsoft Defender portal at https://security.microsoft.com/, go to Email & Collaborations > Policies & Rules > Threat Policies > Advanced Delivery in the Rules section.

  • Alternatively, go directly to the Advanced Delivery page https://security.microsoft.com/advanceddelivery

• On the Advanced Delivery page, select the Phishing Simulation Tab (Refer to screenshot below)

• Once on the Phishing Simulation tab, select the add button in the No third party simulation configured area of the page.

  • If there are already existing entries on the Phishing Simulation tab, select edit (this is only if the add button isn't available)

  

• On the add third party phishing simulations menu configure the following settings:

  • Insert phishing (sending) domains. These are all the active domains we use throughout the phishing campaigns.

  • There should be sixteen domains altogether - ‘spam-manager.co.uk’, ‘dropbx.uk’, ‘alert-manager.co.uk’, ‘hronlineaudit.co.uk’, ‘micorsoft.co.uk’, ‘new-order.uk’ ,’gov-co.uk', ‘link-in.co.uk’, ‘global-web-alerts.com’, ‘apple-alerts.co.uk’, ‘accounts-hubspot.co.uk’, ‘hsbc-online-banking.co.uk’, ‘slackchannels.co.uk’, ‘google-alerts.co.uk’, ‘microsoft-alerting.com’ and ‘businessalerter.com’

  • Below is screenshot reference on how it should look on your end.

    

  • Sending IP Address refers to Bob's Business IP - 35.178.254.71

    

  • Allowed Simulation URL refers to landing page domains. The * and /* are important as they allow anything before and after that domain to be whitelisted so any URL that has the domain in it can be used. Screenshot for reference below.

    

  • Once finished, click add and close.

  Further Information:

  Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes additional help.