Skip to content
English
More support Sign in
Contact us
  • There are no suggestions because the search field is empty.

How to Whitelist an IP Address in Office 365 for Living Security Phish

IP addresses can be whitelisted in 3 different ways in Office 365:

ℹ️ To complete these procedures, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a member of the Microsoft Exchange Online Organization Management administrator group.

How to Whitelist Using the Third-party Phishing Simulations Feature in Office 365

The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting Sender IPs and Domains in the O365 environment in the Phishing Simulation feature.

  1. Note the IP addresses to be allowed, found here.
  2. Sign in to the Microsoft Security & Compliance Center.
  3. Click the Policies & rules item on the left sidebar menu.
  4. Go to Threat policies > Advanced delivery.
  5. Click the Phishing simulations tab and click Edit.
  6. Add the IP address to Sending IP section.
  7. Add the Domain address (also known as the MAIL FROM address) used in the phishing campaign into the Domains section.
  8. Add the phishing domains (found in the Phishing tool: Phishing Simulator > Settings > Domains) by using *.domain.com/* wildcard syntax to Simulation URLs to allow section.
  9. Click Save to complete the process.

ℹ️ If your domain's MX record does not point to Microsoft Office 365 and emails are forwarded to another domain before yours, you cannot use the Third-party Phishing Simulations Feature by default. For more information, please visit Microsoft's website.

How to Whitelist Using the Threat Policies Feature in Office 365

  1. Sign in to the Microsoft Security & Compliance Center.
  2. Click the Policies and rules item on the left sidebar menu and select Threat Policies.
  3. Click the Policies and rules > Anti-Spam under the Policies. To go directly to the Anti-spam policies page, use https://security.microsoft.com/antispam
  4. Click the Connection filter policy and select the Edit connection filter.
  5. Add the IP addresses to the section labeled Always allow messages from the following IP addresses or address range.
  6. Enable the Turn on safe list option.
  7. Click Save to complete the process.

How to Whitelist Using the Safe Links Feature in Office 365

ℹ️ This step is suggested to prevent any false clicks on training or phishing reports.

  1. Sign in to the Microsoft Security & Compliance Center.
  2. Click Policies and rules from the left sidebar menu, click Threat Policies and select Safe Links.
  3. Click Create.
  4. Add a name and description for your safe links policy and click Next.
  5. Select your company domain to be included in this policy and click Next.
  6. Deselect the Track user clicks option.
  7. Add the phishing domains (Found in the Phishing tool: Phishing Simulator > Settings > Domains) by using *.domain.com/* wildcard syntax to the Do not rewrite the following URLs section.
  8. Click the Next button and select Submit to complete the process.

Setting up a mail flow rule to bypass spam filtering

  1. Log in to your mail server Admin portal. Then, navigate to Admin centers > Exchange.
  2. Go to Exchange > Mail flow > Rules and click + button
  3. Select the Bypass Spam Filter option.
  4. Enter a name for your whitelisting rule.
  5. Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"
    1. To the right you'll see "Enter text...", click "Enter Words" to bring up a new window labeled specify IP address ranges, and enter the IPs listed here and then click the Save button.
  6. Scroll down to the "Do the following" section.
    1. Select the "Modify the message properties" option and then select the "Set the spam confidence level(SCL)" option.
    2. And then click the Set the spam confidence level (SCL) to '-1' option and select "Bypass spam filtering" and click the Save button.
  7. Next to the "Do the following" field, click + button to create a new rule.
    1. Select the "Modify the message properties" option and then select the "set a message header" option.
    2. Click "Enter Words" and type "X-MS-Exchange-Organization-BypassClutter" and then click the Save button.
    3. Next, click Enter Words under the "header value" and type "true".
  8. We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.
  9. Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.

Once you have completed this setup please allow time for the new rule to propagate. Then, set up a test phishing campaign for yourself or a small group to test your new whitelisting rule.

               

How to Bypass Advanced Threat Protection (ATP) "Attachment" by Using IP Address in Office 365

The below instructions will show you how to whitelist the attached files in the emails that will be sent from the platform to users whitelisting the Sender IPs in the O365 environment with the "SkipSafeAttachmentProcessing" rule.

ℹ️ This step is suggested to prevent scanning phishing simulation attachment files by O365 sent by the platform.

  1. Sign in to the admin portal.
  2. Go to Exchange > Mail flow > Rules and click the + Add a rule button.
  3. Click on the Create a new rule option.
  4. Enter a name for your whitelisting rule.
  5. Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"
    1. To the right, you'll see "Enter text...", click "Enter Words" to bring up a new window labelled specify IP address ranges, and enter the IPs listed here and then click the Save button.
  6. Scroll down to the "Do the following" section.
    1. Select the "Modify the message properties" option and then select the "Set a message header" option.
    2. Set the message header to "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing" and set the value to "1".
  7. We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.
  8. Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.
  

How to Bypass Advanced Threat Protection (ATP) "Link" by Using IP Address in Office 365

The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting the Sender IPs in the O365 environment with the "SkipSafeLinksProcessing" rule.

ℹ️ This step is suggested to prevent scanning phishing simulation links by O365 sent by the platform.

  1. Sign in to the admin portal.
  2. Go to Exchange > Mail flow > Rules and click the + Add a rule button.
  3. Click on the Create a new rule option.
  4. Enter a name for your whitelisting rule.
  5. Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"
    1. To the right, you'll see "Enter text...", click "Enter Words" to bring up a new window labelled specify IP address ranges, and enter the IPs listed here and then click the Save button.
  6. Scroll down to the "Do the following" section.
    1. Select the "Modify the message properties" option and then select the "Set a message header" option.
    2. Set the message header to "X-MS-Exchange-Organization-SkipSafeLinksProcessing" and set the value to "1".
  7. We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.
  8. Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.

Troubleshooting

If the emails sent by the platform somehow is not delivered to the user's inbox, the admin can use the following steps to see why it's not delivered and find a solution for it.
  1. Sign in to the admin portal.
  2. Go to Exchange > Mail flow > Message Trace and click + start a trace button.
  3. Enter the from address to the "Senders" field which is expected to be delivered from the platform and click Search button.
  4. The O365 will list the emails that is delivered from the specified email address and then you can click on the emails to see more information.

Questions? Contact Us or Submit a Support Request