It's suggested to use all the methods explained in this documentation step by step for whitelisting successfully. The customer may skip the related step if there is no feature in their O365 environment due to the license.

How to Whitelist Using the Third-party Phishing Simulations Feature in Office 365

3. Click the Policies & rules item on the left sidebar menu.

4. Go to Threat policies > Advanced delivery.

5. Click the Phishing simulations tab and click Edit.

6. Add the IP address to Sending IP section.

7. Add the Domain address (also known as the MAIL FROM address) used in the phishing campaign into the Domains section.

9. Click Save to complete the process.

How to Whitelist Using the Threat Policies Feature in Office 365

The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting Sender IPs in the O365 environment in the Threat Policies feature.

4. Click the Connection Filter Policy and select the Edit connection filter.

5. Add the IP addresses to the section labeled Always allow messages from the following IP addresses or address range.

6. Enable the Turn on safe list option.

7. Click Save to complete the process.

How to Whitelist Using the Safe Links Feature in Office 365

The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting Domains in the O365 environment in the Safe Links feature.

2. Sign into the Microsoft Security & Compliance Center.

3. Click Policies and rules from the left sidebar menu, click Threat Policies and select Safe Links.

4. Click Create.

5. Add a name and description for your safe links policy and click Next.

6. Select your company domain to be included in this policy and click Next.

7. Deselect the Track user clicks option.

8. Add the phishing domains here by using *.domain.com/* wildcard syntax to the Do not rewrite the following URLs section.

9. Click the Next button and select Submit to complete the process.

How to Whitelist Using the Spam Filter Bypass Feature in Office 365

The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting the Sender IPs in the O365 environment in the Bypass Spam Filter feature.

1. Sign in to the admin portal.

2. Go to Exchange > Mail flow > Rules and click the + Add a rule button.

3. Select the Bypass Spam Filter option.

4. Enter a name for your whitelisting rule.

5. Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"

   1. To the right you'll see "Enter text...", click "Enter Words" to bring up a new window labeled specify IP address ranges, and enter the IPs listed here and then click the Save button.

6. Scroll down to the "Do the following" section.

   1. Select the "Modify the message properties" option and then select the "Set the spam confidence level(SCL)" option.

   2. And then click the Set the spam confidence level (SCL) to '-1' option and select "Bypass spam filtering" and click the Save button.

7. Next to the "Do the following" field, click + button to create a new rule.

   1. Select the "Modify the message properties" option and then select the "set a message header" option.

   2. Click "Enter Words" and type "X-MS-Exchange-Organization-BypassClutter" and then click the Save button.

   3. Next, click Enter Words under the "header value" and type "true".

8. We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.

9. Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.

How to Bypass Advanced Threat Protection (ATP) "Link" by Using IP Address in Office 365

The below instructions will show you how to whitelist the emails such as notification, training, or phishing simulation emails that will be sent from the platform to users by whitelisting the Sender IPs in the O365 environment with the "SkipSafeLinksProcessing" rule.

1. Sign in to the admin portal.

2. Go to Exchange > Mail flow > Rules and click the + Add a rule button.

3. Click on the Create a new rule option.

4. Enter a name for your whitelisting rule.

5. Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"

   1. To the right, you'll see "Enter text...", click "Enter Words" to bring up a new window labelled specify IP address ranges, and enter the IPs listed here and then click the Save button.

6. Scroll down to the "Do the following" section.

   1. Select the "Modify the message properties" option and then select the "Set a message header" option.

   2. Set the message header to "X-MS-Exchange-Organization-SkipSafeLinksProcessing" and set the value to "1".

7. We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.

8. Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.

How to Bypass Advanced Threat Protection (ATP) "Attachment" by Using IP Address in Office 365

The below instructions will show you how to whitelist the attached files in the emails that will be sent from the platform to users by whitelisting the Sender IPs in the O365 environment with the "SkipSafeAttachmentProcessing" rule.

1. Sign in to the admin portal.

2. Go to Exchange > Mail flow > Rules and click the + Add a rule button.

3. Click on the Create a new rule option.

4. Enter a name for your whitelisting rule.

5. Scroll down to the "Apply this rule if..." section and select "The sender" and then select "IP address is in any of these ranges or exactly matches"

   1. To the right, you'll see "Enter text...", click "Enter Words" to bring up a new window labelled specify IP address ranges, and enter the IPs listed here and then click the Save button.

6. Scroll down to the "Do the following" section.

   1. Select the "Modify the message properties" option and then select the "Set a message header" option.

   2. Set the message header to "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing" and set the value to "1".

7. We recommend leaving the rest of the rule settings the same. Once you have completed these steps, click Save to save your whitelisting rule.

8. Make sure the whitelisting rule's status is enabled. If it's disabled, click on it and Enable it and click the Edit Rule Settings button on the opened page to save it.

Troubleshooting

If the emails sent by the platform somehow is not delivered to the user's inbox, the admin can use the following steps to see why it's not delivered and find a solution for it.

1. Sign in to the admin portal.

2. Go to Exchange > Mail flow > Message Trace and click the + start a trace button.

3. Enter the from address to the "Senders" field which is expected to be delivered from the platform and click the Search button.

4. The O365 will list the emails that is delivered from the specified email address and then you can click on the emails to see more information.

5. While on the Quarantine page, click on the email to view more details. Scroll down to the email body to check the links inside. If you notice a Mimecast link, it indicates that Mimecast has interfered with the email. In this case, you need to whitelist the email in Mimecast.

Video Tutorial

The following video playlist tutorial contains information about how to whitelist in O365 environment.

Impersonation Protection Bypass Policy

To prevent Mimecast from blocking emails from known and safe sources due to impersonation protection rules, set up an Impersonation Protection Bypass Policy.

2. Log in to your Mimecast Administration Console.

3. Navigate to Administration > Gateway | Policies.

4. Choose Impersonation Protection Bypass from the policies list and click New Policy.

5. Configure the policy:

   • Applies From: Everyone (using IP addresses/Hostnames as the source)

   • Applies To: Everyone

6. Enter the specific IP addresses under Source IP Ranges.

7. Save the policy settings.

For more information on these settings, see Mimecast's Configuring an Impersonation Protection Bypass Policy article.

Anti-Spoofing Policy

Set up an Anti-Spoofing Policy to allow emails that appear to be coming from your domain.

1. Note the IP addresses to be allowed.

2. Access Gateway | Policies via the Administration tab.

3. Select Anti-Spoofing, then New Policy.

4. Define the policy:

   • Emails From: Everyone (utilizing IP addresses)

   • Emails To: Everyone

5. Add the Keepnet IP addresses in the Source IP Ranges.

6. Commit the changes to ensure that emails are recognized as legitimate. Configure Anti-Spoofing

For more information see Mimecast's Configuring an Anti-Spoofing Policy article.

Permitted Senders Policy

To allowlist emails specifically for training and phishing simulation:

1. Note the IP addresses to be allowed.

2. Go to Gateway | Policies and select Permitted Senders.

3. Click New Policy and set the parameters:

   • Emails From: Everyone (with specified IPs)

   • Emails To: Everyone

4. Include the relevant IP addresses in Source IP Ranges.

5. Finalize the settings by saving the policy.

For more information on these settings see Mimecast's Configuring a Permitted Senders Policy article.

URL Protection Bypass Policy

For accurate phishing test results, exclude certain URLs from Mimecast's URL Protection.

1. Under Gateway | Policies, select URL Protection Bypass and then New Policy.

2. Adjust the policy settings:

   • Applies From: Everyone (IP addresses/hostnames as the source)

   • Applies To: Everyone

3. Input the applicable IP ranges in Source IP Ranges.

4. Save your changes to activate the policy.

For more information on these settings, see Mimecast's Configuring a URL Protection Bypass Policy article

Final Steps

After setting up these policies, conduct a small-scale test to ensure everything functions as intended before rolling out to your entire organization. This verification step is crucial to prevent disruptions and ensure that all settings are correctly applied.