LogoLogo
Get Demo
  • 💫NEXT-GENERATION PRODUCT
    • Introduction
    • Getting Started
      • 1. Invite System Users
      • 2. Add Target Users
        • Add Users via CSV
        • Add users via SCIM
          • SCIM Setup in Azure AD
          • SCIM Setup in Okta
          • SCIM Setup in Onelogin
          • SCIM Setup in Jumpcloud
        • Add users via LDAP
        • Add Users via API
      • 3. Email Deliverability
        • Microsoft 365
          • M365: Direct Email Creation
          • M365: Whitelisting
        • Google Workspace
          • Google: Direct Email Creation
          • Google: Whitelisting
        • Exchange 2013 and 2016
      • 4. Track Opened Emails
      • 5. Allow Phishing URLs
        • Whitelist for Office 365
        • Whitelist for Google Workspace
        • Whitelist for Exchange 2013/2016
        • Whitelist in Security Solutions
      • 6. Setup Phishing Reporter
        • Step 1. Download Phishing Reporter
        • Step 2. Deploy Phishing Reporter
          • How to Deploy Add-In in Microsoft 365
          • How to Deploy Add-In in Exchange Admin Center
          • How to Deploy Add-In in Google Workspace
          • How to Deploy Add-In in Outlook
            • Troubleshooting Phishing Reporter Add-In on Outlook Desktop
      • 7. Incident Responder Setup
        • Step 1. Integrate Threat Intel Partners
        • Step 2. Mail Configurations
          • Microsoft 365
          • Google Workspace (Gsuite)
          • Exchange (EWS)
    • Platform
      • Dashboard
        • Dashboard Widgets
        • Incident Responder Widgets
        • Threat Sharing Widgets
        • Phishing Simulator Widgets
      • Threat Intelligence
      • Email Threat Simulator
        • Start Scan
        • View Scan Report
        • Create Trusted Account on Exchange
        • Start Scan on O365 Email Account
        • Start Scan on Google Workspace Email Account
      • Threat Sharing
        • Communities
        • Incidents
      • Phishing Simulator
        • Manage Phishing Scenarios
          • Phishing Scenarios
          • Email Templates
          • Landing Pages
        • Phishing Campaign Manager
        • Phishing Campaign Reports
        • Settings
          • DNS Services and Domains
          • Exclude IP Address
      • Callback Simulator
        • Manage Callback Scenarios
          • Callback Scenarios
          • Callback Email Templates
          • Callback Templates
        • Callback Campaign Manager
        • Callback Campaign Reports
        • Settings
          • Callback Phone Numbers
      • Vishing Simulator
        • Vishing Templates
        • Vishing Campaign Manager
        • Vishing Campaign Reports
      • Smishing Simulator
        • Manage Smishing Scenarios
          • Smishing Scenarios
          • Text Message Templates
          • Landing Page Templates
        • Smishing Campaign Manager
        • Smishing Campaign Reports
        • Settings
          • Manage DNS and Domains
          • Exclude IP Addresses
      • Quishing Simulator
        • Manage Quishing Scenarios
          • Quishing Scenarios
          • Quishing Templates
          • Quishing Landing Page Templates
        • Quishing Campaign Manager
        • Quishing Campaign Reports
        • Settings
          • DNS and Domains
          • Excluding IP Address
      • Awareness Educator
        • Training Library
        • Enrollments
        • Certificates
        • Training Reports
        • Training Completion Queries
      • Incident Responder
        • Incident Responder Dashboard
        • Investigations
        • Integrations
        • Playbook
        • Mail Configurations
          • Microsoft 365
          • Exchange
          • Google Workspace
        • Cross Company Integration
      • Phishing Reporter
        • Phishing Reporter Customization
        • Phishing Reporter Deployment
          • How to Deploy the Add-in in Microsoft 365
          • Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens
          • Microsoft Ribbon Phishing Reporter
          • How to Deploy the Add-in in Exchange Admin Center
          • How to Deploy the Add-in in Google Workspace
          • Phishing Reporter Announcement Email Template
        • Diagnostic Tool
        • Integrating Microsoft Phishing Reporting Button with Keepnet
        • Troubleshooting Phishing Reporter on Outlook Desktop
      • Reports
        • Advanced Reports
        • Executive Reports
        • Scheduled Reports
        • Gamification Report
      • Company
        • Target Users
        • Companies
          • Company Groups
        • Company Settings
          • Privacy
            • Account Privacy
            • Data Privacy
          • AI Ally Settings
          • SMTP Settings
          • Direct Email Creation
            • Direct Email Creation for Google Workspace
            • Direct Email Creation for Microsoft 365
          • Notification Templates
          • Google User Provisioning
          • REST API
          • White Labeling
          • Proxy Settings
          • SAML Settings
            • How to Configure SAML on ADFS
            • How to Configure SAML on Google Workspace
            • How to Configure SAML on Azure AD
            • How to Configure SAML on CyberArk
            • How to Configure SAML on Okta
          • SCIM Settings
            • Getting Started with SCIM
            • Azure AD SCIM Integration
            • Okta SCIM Integration
            • Onelogin SCIM Integration
            • Jumpcloud SCIM Integration
          • SIEM Integrations
            • Splunk Integration
            • Syslog Integration
          • LDAP
          • Allowed Domains
        • System Users
          • People
          • Roles
        • Audit Log
        • Job Log
      • Free Phishing Email Analysis Service
    • Miscellaneous
      • Whitelisting
        • How to Whitelist an IP Address in Office 365
        • How to Whitelist an IP Address in Exchange 2013 and 2016
        • How to Whitelist an IP Address in Google Workspace
        • How to Whitelist in Mimecast
        • Whitelisting in Other Security Solutions
        • Whitelisting the Pictures on Microsoft Outlook Apps
        • Keepnet Tools Whitelisting Guidelines
        • Understanding Email Delivery Errors
        • Tracking Email Opens in Phishing Simulations
      • User Profile
      • Multi-Factor Authentication (MFA) Settings
      • On-Premise Requirement Checker
      • Platform Requirements
        • Portal UI Requirements
        • Phishing Reporter Requirements
        • Diagnostic Tool Requirements
      • Maintenance Tool
      • Understanding the Preferred Language Setting
  • 📚RESOURCES
    • Platform Security
    • Volume & Performance
    • Customer Help Desk
    • Product Update/Maintenance
    • Research Methodology
    • Release Notes
      • 2025
      • 2024
      • 2023
      • 2022
      • 2021
      • 2020
  • ⚖️Legal Hub
    • For Customers
      • Customer Terms of Service
      • Product Specific Terms
      • Jurisdiction Specific Terms
      • Data Processing Agreement
      • Regional Data Hosting Policy
      • Product and Services Catalog
      • Acceptable Use Policy
      • Keepnet Security Program
      • Microsoft CoPilot Usage Policy
    • For Everyone
      • Website
        • Terms of Use
        • Privacy Policy
        • Cookie Policy
      • Free Phishing Email Analysis
        • Terms of Service
        • Privacy Policy
      • Transparency Report
Powered by GitBook

Copyright © Keepnet Labs LTD. All rights reserved.

On this page
  • How to Whitelist Using the Third-party Phishing Simulations Feature in Office 365
  • How to Whitelist Using the Threat Policies Feature in Office 365
  • How to Whitelist Using the Spam Filter Bypass Feature in Office 365
  • How to Bypass Advanced Threat Protection (ATP) "Link" by Using IP Address in Office 365
  • How to Bypass Advanced Threat Protection (ATP) "Attachment" by Using IP Address in Office 365
  • Troubleshooting
  • Video Tutorial

Was this helpful?

Export as PDF
  1. NEXT-GENERATION PRODUCT
  2. Getting Started
  3. 3. Email Deliverability
  4. Microsoft 365

M365: Whitelisting

PreviousM365: Direct Email CreationNextGoogle Workspace

Last updated 2 months ago

Was this helpful?

It's suggested to use all the methods explained in this documentation step by step for whitelisting successfully. The customer may skip the related step if there is no feature in their O365 environment due to the license.

🚨 If you have additional security solutions (e.g. Mimecast) please make sure to whitelist in these security solutions by following these steps:

How to Whitelist Using the Third-party Phishing Simulations Feature in Office 365

The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting Sender IPs in the O365 environment in the Phishing Simulation feature.

To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a member of the Microsoft Exchange Online Organization Management administrator group.

  1. Note the to be allowed.

  2. Sign in to the Center.

  3. Click the Policies & rules item on the left sidebar menu.

  4. Go to Threat policies > Advanced delivery.

  5. Click the Phishing simulations tab and click Edit.

  6. Add the IP address to Sending IP section.

  7. Add the Domain address (also known as the MAIL FROM address) used in the phishing campaign into the Domains section.

  8. Add the phishing domains by using *.domain.com/* wildcard syntax to Simulation URLs to allow section.

  9. Click Save to complete the process.

How to Whitelist Using the Threat Policies Feature in Office 365

The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting Sender IPs in the O365 environment in the Threat Policies feature.

To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a member of the Microsoft Exchange Online Organization Management administrator group.

  1. Click the Connection Filter Policy and select the Edit connection filter.

  2. Add the IP addresses to the section labeled Always allow messages from the following IP addresses or address range.

  3. Enable the Turn on safe list option.

  4. Click Save to complete the process.

How to Whitelist Using the Spam Filter Bypass Feature in Office 365

The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting the Sender IPs in the O365 environment in the Bypass Spam Filter feature.

To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a Microsoft Exchange Online Organization Management administrator group member.

  1. Go to Exchange > Mail flow > Rules and click the + Add a rule button.

  2. Select the Bypass Spam Filter option.

  3. Enter a name for your whitelisting rule.

  4. Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"

  5. Scroll down to the "Do the following" section.

    1. Select the "Modify the message properties" option and then select the "Set the spam confidence level(SCL)" option.

    2. And then click the Set the spam confidence level (SCL) to '-1' option and select "Bypass spam filtering" and click the Save button.

  6. Next to the "Do the following" field, click + button to create a new rule.

    1. Select the "Modify the message properties" option and then select the "set a message header" option.

    2. Click "Enter Words" and type "X-MS-Exchange-Organization-BypassClutter" and then click the Save button.

    3. Next, click Enter Words under the "header value" and type "true".

  7. We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.

  8. Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.

How to Bypass Advanced Threat Protection (ATP) "Link" by Using IP Address in Office 365

The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting the Sender IPs in the O365 environment with the "SkipSafeLinksProcessing" rule.

This step is suggested to prevent scanning phishing simulation links by O365 sent by the platform.

To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a Microsoft Exchange Online Organization Management administrator group member.

  1. Go to Exchange > Mail flow > Rules and click the + Add a rule button.

  2. Click on the Create a new rule option.

  3. Enter a name for your whitelisting rule.

  4. Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"

  5. Scroll down to the "Do the following" section.

    1. Select the "Modify the message properties" option and then select the "Set a message header" option.

    2. Set the message header to "X-MS-Exchange-Organization-SkipSafeLinksProcessing" and set the value to "1".

  6. We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.

  7. Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.

How to Bypass Advanced Threat Protection (ATP) "Attachment" by Using IP Address in Office 365

The below instructions will show you how to whitelist the attached files in the emails that will be sent from the platform to users by whitelisting the Sender IPs in the O365 environment with the "SkipSafeAttachmentProcessing" rule.

This step is suggested to prevent scanning phishing simulation attachment files by O365 sent by the platform.

To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a Microsoft Exchange Online Organization Management administrator group member.

  1. Go to Exchange > Mail flow > Rules and click the + Add a rule button.

  2. Click on the Create a new rule option.

  3. Enter a name for your whitelisting rule.

  4. Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"

  5. Scroll down to the "Do the following" section.

    1. Select the "Modify the message properties" option and then select the "Set a message header" option.

    2. Set the message header to "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing" and set the value to "1".

  6. We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.

  7. Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.

Troubleshooting

If the emails sent by the platform somehow is not delivered to the user's inbox, the admin can use the following steps to see why it's not delivered and find a solution for it.

  1. Go to Exchange > Mail flow > Message Trace and click the + start a trace button.

  2. Enter the from address to the "Senders" field which is expected to be delivered from the platform and click the Search button.

  3. The O365 will list the emails that is delivered from the specified email address and then you can click on the emails to see more information.

🚨 If you have additional security solutions (e.g. Mimecast) please make sure to whitelist in these security solutions by following these steps:

Video Tutorial

The following video playlist tutorial contains information about how to whitelist in O365 environment.

Note the to be allowed.

Sign in to the Center.

Click the Policies and rules > Anti-Spam under the Policies. To go directly to the Anti-spam policies page, use

Sign in to the portal.

To the right you'll see "Enter text...", click "Enter Words" to bring up a new window labeled specify IP address ranges, and enter the IPs listed and then click the Save button.

Sign in to the portal.

To the right, you'll see "Enter text...", click "Enter Words" to bring up a new window labelled specify IP address ranges, and enter the IPs listed and then click the Save button.

Sign in to the portal.

To the right, you'll see "Enter text...", click "Enter Words" to bring up a new window labelled specify IP address ranges, and enter the IPs listed and then click the Save button.

Sign in to the portal.

✅ You have now ensured your target users will receive emails through Keepnet. Now you need to so your target users can successfully open Keepnet email links ➡️

💫
Microsoft Security & Compliance
https://security.microsoft.com/antispam
admin
admin
admin
admin
​Whitelisting in Security Solutions​
Whitelist Domains
​Whitelisting in Security Solutions​
Microsoft Security & Compliance
IP addresses
here
here
here
IP addresses
here