How to Whitelist an IP Address in Office 365
IP addresses can be whitelisted in 3 different ways in Office 365:
  • Recommended – using the third-party phishing simulations feature
  • License Required – using the threat policies feature
  • License Required – using the safe links feature

How to Whitelist Using the Third-party Phishing Simulations Feature in Office 365

To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a member of the Microsoft Exchange Online Organization Management administrator group.
  1. 1.
    Note the IP addresses to be allowed.
  2. 2.
    Sign in to the Microsoft Security & Compliance Center.
  3. 3.
    Click the Policies & rules item on the left sidebar menu.
  4. 4.
    Go to Threat policies > Advanced delivery.
  5. 5.
    Click the Phishing simulations tab and click Edit.
  6. 6.
    In the Third-party phishing simulations window, add the IP and domain addresses to be accepted.
  7. 7.
    In the Simulation URLs to allow section, set the domain names that you can get by requesting from the support team.
  8. 8.
    Click Save to complete the process.
If your domain's MX record does not point to Microsoft Office 365 and emails are forwarded to another domain before yours, you cannot use the Third-party Phishing Simulations Feature by default. For more information, please visit Microsoft's website.

How to Whitelist Using the Threat Policies Feature in Office 365

This section explains how to whitelist sender IPs using the Threat Policies feature on the Office365 administration panel.
To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a member of the Microsoft Exchange Online Organization Management administrator group.
  1. 1.
    Note the IP addresses to be allowed.
  2. 2.
    Sign in to the Microsoft Security & Compliance Center.
  3. 3.
    Click the Policies and rules item on the left sidebar menu and select Threat Policies.
  4. 4.
    Click the Connection filter policy and select the Edit connection filter.
  5. 5.
    Add the IP addresses to the section labeled Always allow messages from the following IP addresses or address range.
  6. 6.
    Enable the Turn on safe list option.
  7. 7.
    Click Save to complete the process.

To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a member of the Microsoft Exchange Online Organization Management administrator group.
  1. 1.
    Please ask for the list of the phishing simulator domains from the support team.
  2. 2.
    Sign in to the Microsoft Security & Compliance Center.
  3. 3.
    Click Policies and rules from the left sidebar menu and select Safe Links.
  4. 4.
    Click Create.
  5. 5.
    Add a name and description for your safe links policy and click Next.
  6. 6.
    Select your company domain to be included in this policy and click Next.
  7. 7.
    Check the Do not track user clicks option.
  8. 8.
    Add the domain addresses noted above to the Do not rewrite the following URLs section.
  9. 9.
    Click the Next button and select Submit to complete the process.

How to Whitelist Using the Spam Filter Bypass Feature in Office 365

This will be a walk-through on whitelisting emails by header in the Office 365 platform. The below instructions will show you how to whitelist the emails such as notification, training or phishing simulation emails that will be sent from the platform to users by email header in the Office 365 environment.
To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a member of the Microsoft Exchange Online Organization Management administrator group.
Once you’re logged on to the Office 365 admin portal click Exchange > Mail flow > Rules. Once you are in Rules, click the + symbol.
Once you click the + symbol, a dropdown menu will appear. Select Bypass Spam Filter. A new window will appear with your new rule options. A new window will appear with your new rule options. On the first line, you will need to enter a name for your whitelisting rule. We suggest entering: Phishing Simulation bypass rule.
  1. 1.
    Once you enter your rule name, you’ll scroll down to Apply this rule if… and select A message header includes then select includes any of these words. To the right you’ll see Enter text…, click Enter Text to bring up a new window labeled specify header name and enter X-KEEPNET-TID. Next, click enter words and type Keepnet then click the + sign.
  2. 2.
    Scroll down to Do the following. Under this, select Modify the message properties and select Set the spam confidence level(SCL) to…. A new window will open labeled specify SCL. Set the SCL to Bypass spam filtering and click OK.
  3. 3.
    Next, click add action and select Modify the message properties from the dropdown menu. Then select set a message header. To the right of this click Enter text to bring up a new window labeled message header and type X-MS-Exchange-Organization-BypassClutter. Next, click Enter text and under header value type true.
We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.
This completes whitelisting by header in the Office 365 workspace. Now you and other target users that apply this rule in the Office 365 workspace will be able to receive the platform's phishing simulation emails and notifications.
Once you have completed this setup please allow time for the new rule to propagate. Then, set up a test phishing campaign for yourself or a small group to test your new whitelisting rule.
Copy link
On this page
How to Whitelist Using the Third-party Phishing Simulations Feature in Office 365
How to Whitelist Using the Threat Policies Feature in Office 365
How to Whitelist Using the Safe Links Feature in Office 365
How to Whitelist Using the Spam Filter Bypass Feature in Office 365