How to Whitelist an IP Address in Office 365 for Living Security Phish


IP addresses can be whitelisted in 3 different ways in Office 365:

ℹ️ To complete these procedures, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a member of the Microsoft Exchange Online Organization Management administrator group.


How to Whitelist Using the Third-party Phishing Simulations Feature in Office 365

ℹ️ If your domain's MX record does not point to Microsoft Office 365 and emails are forwarded to another domain before yours, you cannot use the Third-party Phishing Simulations Feature by default. For more information, please visit Microsoft's website.

  1. Note the IP addresses to be allowed:

        SMTP IP Address SMTP PTR Record
    149.72.161.59 o1.ptr4777.keepnetlabs.com
    149.72.42.201 o2.ptr4175.keepnetlabs.com
    149.72.154.87 o3.ptr8903.keepnetlabs.com
    37.1.145.36 smtp1.keepnetlabs.com
    37.1.145.35 smtp2.keepnetlabs.com
  2. Sign in to the Microsoft Security & Compliance Center.
  3. Click the Policies & rules item on the left sidebar menu.
  4. Go to Threat policies > Advanced delivery.
  5. Click the Phishing simulations tab and click Edit.
  6. In the Third-party phishing simulations window, add the IP and domain addresses to be accepted.
  7. In the Simulation URLs to allow section, set the domain names.
  8. Click Save to complete the process.

How to Whitelist Using the Threat Policies Feature in Office 365


  1. Sign in to the Microsoft Security & Compliance Center.
  2. Click the Policies and rules item on the left sidebar menu and select Threat Policies.
  3. Click the Connection filter policy and select the Edit connection filter.
  4. Add the IP addresses to the section labeled Always allow messages from the following IP addresses or address range.
  5. Enable the Turn on safe list option.
  6. Click Save to complete the process.

How to Whitelist Using the Safe Links Feature in Office 365

  1. Please ask for the list of the phishing simulator domains from the support team.
  2. Sign in to the Microsoft Security & Compliance Center.
  3. Click Policies and rules from the left sidebar menu and select Safe Links.
  4. Click Create.
  5. Add a name and description for your safe links policy and click Next.
  6. Select your company domain to be included in this policy and click Next.
  7. Check the Do not track user clicks option.
  8. Add the domain addresses noted above to the Do not rewrite the following URLs section.
  9. Click the Next button and select Submit to complete the process.


Questions? Please contact help@livingsecurity.com