To allow Phishing Simulation to send your organization emails, configure Microsoft 365 Defender and Microsoft Exchange allow list settings.
(Optional) Simulation URLs
Your organization should now be able to receive emails from Phishing Simulation. To verify email delivery, run a test phishing campaign.
The simulation URLs change over time. Check the list before launching a new campaign.
For more information on configuring Microsoft 365 Defender settings, see Use the Microsoft 365 Defender portal to configure third-party phishing simulations.
Step 1 outlines Microsoft's new method for configuring phishing simulation allow lists, replacing Microsoft's historical methods. If your organization is still unable to receive Phishing Simulation emails after you complete Step 1, complete the historical methods outlined in Steps 2-4 and then run another test phishing campaign.
Both the message header ("X-MS-Exchange-Organization-BypassClutter") and value ("true") are case-sensitive.