How to Whitelist an IP Address in Office 365
It's suggested to use all the methods explained in this documentation step by step for whitelisting successfully. The customer may skip the related step if there is no feature in their O365 environment due to the license.
How to Whitelist Using the Third-party Phishing Simulations Feature in Office 365
The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting Sender IPs and Domains in the O365 environment in the Phishing Simulation feature.
To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a member of the Microsoft Exchange Online Organization Management administrator group.
Note the IP addresses to be allowed.
Sign in to the Microsoft Security & Compliance Center.
Click the Policies & rules item on the left sidebar menu.
Go to Threat policies > Advanced delivery.
Click the Phishing simulations tab and click Edit.
Add the IP address to Sending IP section.
Add the Domain address (also known as the MAIL FROM address) used in the phishing campaign into the Domains section.
Add the phishing domains here by using *.domain.com/* wildcard syntax to Simulation URLs to allow section.
Click Save to complete the process.
How to Whitelist Using the Threat Policies Feature in Office 365
The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting Sender IPs in the O365 environment in the Threat Policies feature.
To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a member of the Microsoft Exchange Online Organization Management administrator group.
Note the IP addresses to be allowed.
Sign in to the Microsoft Security & Compliance Center.
Click the Policies and rules > Anti-Spam under the Policies. To go directly to the Anti-spam policies page, use https://security.microsoft.com/antispam
Click the Connection Filter Policy and select the Edit connection filter.
Add the IP addresses to the section labeled Always allow messages from the following IP addresses or address range.
Enable the Turn on safe list option.
Click Save to complete the process.
How to Whitelist Using the Safe Links Feature in Office 365
The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting Domains in the O365 environment in the Safe Links feature.
This step is suggested to prevent any false clicks on training or phishing reports.
To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a member of the Microsoft Exchange Online Organization Management administrator group.
Please ask for the list of the phishing simulator domains from here.
Sign into the Microsoft Security & Compliance Center.
Click Policies and rules from the left sidebar menu, click Threat Policies and select Safe Links.
Click Create.
Add a name and description for your safe links policy and click Next.
Select your company domain to be included in this policy and click Next.
Deselect the Track user clicks option.
Add the phishing domains here by using *.domain.com/* wildcard syntax to the Do not rewrite the following URLs section.
Click the Next button and select Submit to complete the process.
How to Whitelist Using the Spam Filter Bypass Feature in Office 365
The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting the Sender IPs in the O365 environment in the Bypass Spam Filter feature.
To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a Microsoft Exchange Online Organization Management administrator group member.
Sign in to the admin portal.
Go to Exchange > Mail flow > Rules and click the + Add a rule button.
Select the Bypass Spam Filter option.
Enter a name for your whitelisting rule.
Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"
To the right you'll see "Enter text...", click "Enter Words" to bring up a new window labeled specify IP address ranges, and enter the IPs listed here and then click the Save button.
Scroll down to the "Do the following" section.
Select the "Modify the message properties" option and then select the "Set the spam confidence level(SCL)" option.
And then click the Set the spam confidence level (SCL) to '-1' option and select "Bypass spam filtering" and click the Save button.
Next to the "Do the following" field, click + button to create a new rule.
Select the "Modify the message properties" option and then select the "set a message header" option.
Click "Enter Words" and type "X-MS-Exchange-Organization-BypassClutter" and then click the Save button.
Next, click Enter Words under the "header value" and type "true".
We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.
Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.
How to Bypass Advanced Threat Protection (ATP) "Link" by Using IP Address in Office 365
The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting the Sender IPs in the O365 environment with the "SkipSafeLinksProcessing" rule.
This step is suggested to prevent scanning phishing simulation links by O365 sent by the platform.
To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a Microsoft Exchange Online Organization Management administrator group member.
Sign in to the admin portal.
Go to Exchange > Mail flow > Rules and click the + Add a rule button.
Click on the Create a new rule option.
Enter a name for your whitelisting rule.
Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"
To the right, you'll see "Enter text...", click "Enter Words" to bring up a new window labelled specify IP address ranges, and enter the IPs listed here and then click the Save button.
Scroll down to the "Do the following" section.
Select the "Modify the message properties" option and then select the "Set a message header" option.
Set the message header to "X-MS-Exchange-Organization-SkipSafeLinksProcessing" and set the value to "1".
We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.
Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.
How to Bypass Advanced Threat Protection (ATP) "Attachment" by Using IP Address in Office 365
The below instructions will show you how to whitelist the attached files in the emails that will be sent from the platform to users by whitelisting the Sender IPs in the O365 environment with the "SkipSafeAttachmentProcessing" rule.
This step is suggested to prevent scanning phishing simulation attachment files by O365 sent by the platform.
To complete this procedure, you must have security administrator privileges with the Microsoft Security & Compliance Center or be a Microsoft Exchange Online Organization Management administrator group member.
Sign in to the admin portal.
Go to Exchange > Mail flow > Rules and click the + Add a rule button.
Click on the Create a new rule option.
Enter a name for your whitelisting rule.
Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"
To the right, you'll see "Enter text...", click "Enter Words" to bring up a new window labelled specify IP address ranges, and enter the IPs listed here and then click the Save button.
Scroll down to the "Do the following" section.
Select the "Modify the message properties" option and then select the "Set a message header" option.
Set the message header to "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing" and set the value to "1".
We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.
Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.
Troubleshooting
If the emails sent by the platform somehow is not delivered to the user's inbox, the admin can use the following steps to see why it's not delivered and find a solution for it.
Sign in to the admin portal.
Go to Exchange > Mail flow > Message Trace and click the + start a trace button.
Enter the from address to the "Senders" field which is expected to be delivered from the platform and click the Search button.
The O365 will list the emails that is delivered from the specified email address and then you can click on the emails to see more information.
While on the Quarantine page, click on the email to view more details. Scroll down to the email body to check the links inside. If you notice a Mimecast link, it indicates that Mimecast has interfered with the email. In this case, you need to whitelist the email in Mimecast.
Video Tutorial
The following video playlist tutorial contains information about how to whitelist in O365 environment.
Last updated