To ensure that our phishing simulation emails are delivered successfully and not marked as spam, admins need to add our domain and IP address to the allowlist in the Microsoft 365 Admin Center.
Prerequisites: administrator access to the Microsoft 365 Defender portal, using a role with security administration privileges.
Part 1: Ensuring Emails are Successfully Received
Step 1: Log in to the Microsoft 365 Defender Portal
Go to the Microsoft 365 Defender portal
Sign in using your administrator credentials
Step 2: Access Email & Collaboration Policies
In the left-hand navigation pane, go to: Email & Collaboration > Policies & Rules
Step 3: Open Threat Policies
Click on the "Threat policies" option that appears under "Policies & Rules"
Step 4: Access Advanced Delivery
Select "Advanced delivery" from the list of options
This section is used for configuring overrides and exceptions for special use cases like phishing simulations
Note: If "Advanced delivery" is not visible, refer to Method #2 below
Step 5: Navigate to the Phishing Simulations Tab
In the Advanced delivery section, go to the "Phishing simulations" tab in the horizontal menu bar
Step 6: Add or Edit a Simulation Policy
You can now either:
Click the "Add" button to create a new policy
or
Click the pencil icon (Edit) next to an existing policy to modify it
Step 7: Configure Guardz Simulation Details
In the policy form:
Domain - add the following:
mailpercents.com
amazonmsg.com
Sending IP - add the following:
149.72.40.178
URLs - add the following:
authwebmail.com/*
*.authwebmail.com/
cmail31.com/*
*.cmail31.com/
securesupportcloud.com/*
*.securesupportcloud.com/
webnotifications.net/*
*.webnotifications.net/
alerting-services.com/*
*.alerting-services.com/
hrsupport-msg.com
cisco-msg.com
skack-msg.com
oracle-msg.net
uszoom.online
amazonmsg.com
microsoft-office-365.net
mail-support.net
Step 8: Save Your Settings
Click "Save" to apply the changes
Please note:
Changes may take up to 24 hours to take effect across the system
If emails are still blocked by Microsoft Defender, you may need to add the following domains in addition to the domain you entered in Step 7 above:
mail-support.net
microsoft-office-365.net
amazonmsg.com
uszoom.online
gɒɒgle.com
oraclemsg.net
slack-msg.com
cisco-msg.com
hrsupport-msg.com
Part 2: Avoiding False Positive Results
Phishing simulations may be flagged by Microsoft Defender for Office 365 due to the Safe Links feature. This can result in false positives, such as automatic email opens or link clicks. To ensure accurate results, follow the steps below to properly allowlist URLs and IP addresses in both Microsoft Defender and Exchange Online.
A. Configure Safe Links in Microsoft Defender:
Step 1: Open Microsoft Security Portal
Navigate to: https://security.microsoft.com
In the left-hand menu, go to Email & collaboration > Policies & rules > Threat policies
Step 2: Access or Create a Safe Links Policy
Click on Safe Links to view existing policies
If no policy is listed:
Click Create to define a new Safe Links policy
Ensure all relevant domains are included in the policy's scope
If a policy already exists:
Click the existing policy to open its details
Step 3: Edit the Protection Settings
Scroll down and click Edit protection settings
Step 4: Add URL to Exception List
Find the section called "Do not rewrite the following URLs"
Add the following URL to the list:
https://mailpercents.com/*
At this point, configuration in the Microsoft Defender portal is complete.
B. Configure an Allowlist Rule in Exchange Online
Step 1: Open Exchange Admin Center
Navigate to: https://admin.exchange.microsoft.com
Step 2: Create a Mail Flow Rule
In the left-hand menu, click Mail Flow > Rules
Click Add a rule, then choose to create a new rule
Step 3: Define Rule Conditions
Enter a name for the rule (e.g., "Allowlist Phishing Simulation IP")
Under Apply this rule if, select The sender > IP address is in any of these ranges or exactly matches
Enter the IP address: 149.72.40.178
Step 4: Set Header to Skip Safe Links
Under Do the following, choose:
Modify the message properties > Set a message header
Set the following values:
Header name: X-MS-Exchange-Organization-SkipSafeLinksProcessing
Value: 1
Step 5: Save and Enable the Rule
Click Save to create the rule
After saving, locate the new rule in the list, click it, and ensure the rule is turned on by toggling the switch
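The mail flow rule from section B can also be created and checked from Exchange Online PowerShell. The script below is an added example, not part of the original instructions or the vendor's own tooling; it assumes the ExchangeOnlineManagement module is installed and reuses the example rule name from Step 3.

```powershell
# Added example, not vendor code. Assumes the ExchangeOnlineManagement module
# is installed and the signed-in account may manage mail flow rules.
Connect-ExchangeOnline

$ruleName = 'Allowlist Phishing Simulation IP'   # example name from Step 3
$simIp    = '149.72.40.178'                      # sending IP given on this page
$header   = 'X-MS-Exchange-Organization-SkipSafeLinksProcessing'

# Steps 2-5: create the rule only if a rule with this name does not exist yet.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    New-TransportRule -Name $ruleName `
        -SenderIpRanges $simIp `
        -SetHeaderName $header `
        -SetHeaderValue '1' `
        -Enabled $true | Out-Null
}

# Audit: list every rule that sets the skip header and show its IP scope.
# A rule whose sender IP condition is anything other than the single
# simulation IP skips Safe Links for more mail than the page intends.
# Only the IP condition is inspected; other conditions are not evaluated.
$report = Get-TransportRule |
    Where-Object { $_.SetHeaderName -eq $header } |
    ForEach-Object {
        $ranges = @($_.SenderIpRanges | ForEach-Object { "$_" })
        [pscustomobject]@{
            Name          = $_.Name
            State         = $_.State
            HeaderValue   = $_.SetHeaderValue
            SenderIps     = $ranges -join ', '
            ScopedToSimIp = ($ranges.Count -eq 1 -and $ranges[0] -eq $simIp)
        }
    }

$report | Format-Table -AutoSize

# Any row returned here needs review before the test campaign is run.
$report | Where-Object { -not $_.ScopedToSimIp -or $_.State -ne 'Enabled' }
```

Re-running the audit portion periodically shows whether the Safe Links bypass is still limited to the single simulation IP.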
Final notes:
For full coverage, it is recommended to add the domain and IP address in both the Microsoft Defender portal and the Exchange Online rule.
After completing the setup, run a test phishing campaign using the newly allowlisted domain to confirm that the configuration works correctly.
These instructions are intended for educational use only. Phishing simulations must be conducted to raise security awareness and educate users. They must never be used to mislead, exploit, or collect sensitive information.
