Setting Up Microsoft 365 Defender and Exchange Allow List

To allow Phishing Simulation to send emails to your organization, configure the Microsoft 365 Defender and Microsoft Exchange allow list settings.

  1. Configure your Microsoft 365 Defender phishing simulation settings to allow Phishing Simulation to send your organization emails.
    1. On the Trend Micro Vision One console, locate and copy the Phishing Simulation sending domains, sending IPs, and simulation URLs by going to Phishing Simulation Assessment > Step 3 Delivery > Settings.
    2. In the Microsoft 365 Defender portal, go to Email & collaboration > Policies & rules > Threat policies > Advanced delivery in the Rules section.
    3. On the Advanced delivery page, click the Phishing simulation tab and then click Add.
    4. In the Edit third-party phishing simulation panel that opens, configure the following settings.
      • Sending domain
      • Sending IP
      • (Optional) Simulation URLs

      Your organization should now be able to receive emails from Phishing Simulation. To verify email delivery, run a test phishing campaign.

    Note:

    The simulation URLs change over time. Check the list before launching a new campaign.

    For more information on configuring Microsoft 365 Defender settings, see Use the Microsoft 365 Defender portal to configure third-party phishing simulations.

    Important:

    Step 1 outlines Microsoft's new method for configuring phishing simulation allow lists, replacing Microsoft's historical methods. If your organization is still unable to receive Phishing Simulation emails after you complete Step 1, complete the historical methods outlined in Steps 2-4 and then run another test phishing campaign.

  2. (Optional) Configure your IP allow list.
    1. On the Trend Micro Vision One console, locate and copy the Phishing Simulation sending IP address by going to Phishing Simulation Assessment > Step 3 Delivery > Settings.
    2. In the Microsoft 365 Defender portal, go to Email & collaboration > Policies & rules > Threat policies > Anti-spam policies delivery.
    3. Click Connection-filter policy (Default) > Edit connection filter policy.
    4. Under Always allow messages from the following IP addresses or address range, add the Phishing Simulation sending IP address, and then click Save.
  3. (Optional) Bypass spam filtering in Microsoft Exchange Online Protection (EOP).
    1. On the Trend Micro Vision One console, locate and copy the Phishing Simulation sending IP address by going to Phishing Simulation Assessment > Step 3 Delivery > Settings.
    2. In the Microsoft Exchange admin center, go to Mail Flow > Rules.
    3. Click + > Bypass spam filtering.
    4. Specify a name for the rule.
    5. Click More options.
    6. Under the condition Apply this rule if... select The sender.
    7. Click More options and select IP address is in any of these ranges or exactly matches.
    8. Specify the Phishing Simulation sending IP address and click OK.
    9. Under Do the following... select Modify the message properties > set a message header.
    10. Specify the message header X-MS-Exchange-Organization-BypassClutter and specify the header value true.
      Important:

      Both the message header ("X-MS-Exchange-Organization-BypassClutter") and value ("true") are case-sensitive.

    11. Click add action to add an additional action under Do the following...
    12. Select Modify the message properties > set the spam confidence level (SCL) > Bypass spam filtering and click Save.
  4. (Optional) Bypass junk mail filtering for Office 365 mail servers.
    1. On the Trend Micro Vision One console, locate and copy the Phishing Simulation header key and header value by going to Phishing Simulation Assessment > Step 3 Delivery > Allow List Settings.
    2. In the Microsoft Exchange admin center, go to Mail Flow > Rules.
    3. Click + > Create a new rule... and specify a name for the rule.
    4. Click More options.
    5. Under the condition Apply this rule if... select A message header > includes any of these words.
    6. Under Enter text specify the Phishing Simulation header key and then click Enter words.
    7. Specify the Phishing Simulation header value and then click +.
    8. Under Do the following select Modify the message properties > Set a message header.
    9. Specify the message header X-Forefront-Antispam-Report and specify the header value SFV:SKI;
    10. Click add action to add an additional action under Do the following...
    11. Select Modify the message properties > set the spam confidence level (SCL) > Bypass spam filtering and click Save.
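
The historical methods in Steps 2-4 can also be applied and checked from Exchange Online PowerShell. The script below is an added example, not part of the Trend Micro or Microsoft documentation; the IP address, header key, header value, and rule names are placeholders to replace with the values copied from the Trend Micro Vision One console.

```powershell
# Added example (not Trend Micro or Microsoft code). Needs the ExchangeOnlineManagement module.
# Placeholder values: replace with the ones copied from the Trend Micro Vision One console.
$SimIp       = '192.0.2.10'                     # placeholder sending IP (documentation range)
$HeaderKey   = 'X-Example-Header'               # placeholder Phishing Simulation header key
$HeaderValue = 'example-value'                  # placeholder Phishing Simulation header value
$IpRuleName  = 'PhishSim bypass (sending IP)'   # hypothetical rule names
$HdrRuleName = 'PhishSim bypass (header)'

Connect-ExchangeOnline

# Step 2: add the sending IP to the default connection filter policy's IP allow list.
Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList @{ Add = $SimIp }

# Step 3: mail flow rule keyed on the sending IP; sets BypassClutter and SCL -1.
if (-not (Get-TransportRule -Identity $IpRuleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $IpRuleName -SenderIpRanges $SimIp `
        -SetHeaderName 'X-MS-Exchange-Organization-BypassClutter' -SetHeaderValue 'true' `
        -SetSCL -1 | Out-Null
}

# Step 4: mail flow rule keyed on the Phishing Simulation header; sets SFV:SKI; and SCL -1.
if (-not (Get-TransportRule -Identity $HdrRuleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $HdrRuleName `
        -HeaderContainsMessageHeader $HeaderKey -HeaderContainsWords $HeaderValue `
        -SetHeaderName 'X-Forefront-Antispam-Report' -SetHeaderValue 'SFV:SKI;' `
        -SetSCL -1 | Out-Null
}

# Read the rules back. Header names and values are compared case-sensitively (-ceq),
# because a rule saved with "True" or a differently cased header name does not match
# what the procedure requires.
$expected = @{
    $IpRuleName  = @('X-MS-Exchange-Organization-BypassClutter', 'true')
    $HdrRuleName = @('X-Forefront-Antispam-Report', 'SFV:SKI;')
}
foreach ($name in $expected.Keys) {
    $rule = Get-TransportRule -Identity $name
    $ok = ($rule.SetHeaderName -ceq $expected[$name][0]) -and
          ($rule.SetHeaderValue -ceq $expected[$name][1]) -and
          ("$($rule.SetSCL)" -eq '-1')
    '{0}: {1}' -f $name, $(if ($ok) { 'OK' } else { 'MISMATCH' })
}

# Confirm the connection filter change from Step 2 took effect.
$ipListed = (Get-HostedConnectionFilterPolicy -Identity Default).IPAllowList -contains $SimIp
'IP allow list contains {0}: {1}' -f $SimIp, $ipListed
```

After the script reports OK for both rules, run a test phishing campaign as described in Step 1 to confirm delivery.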