Guidance for Allowlisting in Microsoft:
Configuring Advanced Delivery for Phishing Simulations
-
In the Microsoft Defender portal at https://security.microsoft.com/, go to Email & Collaborations > Policies & Rules > Threat Policies > Advanced Delivery in the Rules section.
- Alternatively, go directly to the Advanced Delivery page https://security.microsoft.com/advanceddelivery
-
On the Advanced Delivery page, select the Phishing Simulation Tab (Refer to screenshot below)
-
Once on the Phishing Simulation tab, select the add button in the No third party simulation configured area of the page.
- If there are already existing entries on the Phishing Simulation tab, select edit (this is only if the add button isn't available)
-
On the add third party phishing simulations menu configure the following settings:
-
Insert phishing (sending) domains. These are all the active domains we use throughout the phishing campaigns.
-
There should be twenty three domains altogether - ‘spam-manager.co.uk’, ‘dropbx.uk’, ‘alert-manager.co.uk’, ‘hronlineaudit.co.uk’, ‘micorsoft.co.uk’, ‘new-order.uk’ ,’gov-co.uk', ‘link-in.co.uk’, ‘global-web-alerts.com’, ‘apple-alerts.co.uk’, ‘accounts-hubspot.co.uk’, ‘hsbc-online-banking.co.uk’, ‘slackchannels.co.uk’, ‘google-alerts.co.uk’, ‘microsoft-alerting.com’, 'user-alerts.co.uk', 'windows-updates.co.uk', 'googleonline-docs.co.uk', 'micors0ft.com' 'auto-alerts.com' 'google-alerter.com', 'order-confirmed.com' and ‘businessalerter.com’
-
Below is screenshot reference on how it should look on your end.
-
Sending IP Address refers to Bob's Business IP - 35.178.254.71
-
Allowed Simulation URL refers to landing page domains. The * and /* are important as they allow anything before and after that domain to be whitelisted so any URL that has the domain in it can be used. Screenshot for reference below.
-
Once finished, click add and close.
Further Information:
Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes additional help.
-