Advanced Delivery Policies in Microsoft Defender for Office 365
Before you start testing your employees, you need to configure your mail servers so that our simulations are delivered to the inbox and not to spam or junk mail.
This article allows you to whitelist third-party phishing simulations such as Arsen.
We advise you to use this procedure if you find yourself in one of the following situations:
Exchange Online Protection
Microsoft Defender for Office 365 Plan 1 and Plan 2
Microsoft Defender XDR
Prerequisites
Create your advanced delivery policies
First you'll need to ensure you have the appropriate permissions in your Microsoft 365 account. You have to be a member of the Security Administrator role group in the Microsoft Security & Compliance Center and the Organization Management role group in Microsoft Exchange Online.
You must then choose from 30 of our attack domains, as the Advanced Delivery Policies only allows the use of 30 domains from a third-party service.
Here are our domain names, from which you can choose 30 :
Log in to your Microsoft 365 account.
Go to the Microsoft 365 Defender portal.
Under the Email & collaboration section, navigate to Policies & rules > Threat policies > Advanced delivery.
On the Advanced delivery page, select the Phishing Simulation tab.
Click the Edit or Add icon.
start adding up to 30 domain names.
If you have custom phishing domain of your own (link to custom phishing domains), don't forget to add them to the list too
Then add our unique sending IP: 161.38.204.14
Finally, add the URLs associated with the domain names as follows: .domainname/* — for instance if you've chosen office355.net, sharepointonllne.com and ms-certified.com, add *.office355.net/* *.sharepointonllne.com/* and *.ms-certified.com/* to this field.
This way, all sub-domains will be taken into account.
Click Save.
For more information, you can see Microsoft's article on advanced delivery policies.
This article allows you to whitelist third-party phishing simulations such as Arsen.
We advise you to use this procedure if you find yourself in one of the following situations:
Exchange Online Protection
Microsoft Defender for Office 365 Plan 1 and Plan 2
Microsoft Defender XDR
Summary
Prerequisites
Create your advanced delivery policies
Prerequisites
First you'll need to ensure you have the appropriate permissions in your Microsoft 365 account. You have to be a member of the Security Administrator role group in the Microsoft Security & Compliance Center and the Organization Management role group in Microsoft Exchange Online.
You must then choose from 30 of our attack domains, as the Advanced Delivery Policies only allows the use of 30 domains from a third-party service.
Here are our domain names, from which you can choose 30 :
| Most popular domain names for Microsoft | Most popular domain names for Google | Other domain names available |
|---|---|---|
| office355.net | googie-certified.com | lntra.net |
| sharepointonllne.com | googiecertified.com | securelogln.net |
| ms-certified.com | googieonline.com | safelinklogin.com |
| mscertified.net | googie-login.com | connnect.org |
| rnicrosoft-certified.com | g-sheet.com | droopbox.info |
| rnicrosoft-login.com | googieapps.com | faccbook.net |
| rnicrosoft-office.com | gsecure.solutions | gouv-auth.com |
| rnicrosoft-secure.com | gglsecure.com | hrtech.company |
| teamsmeet.net | - | insurance-hub.org |
| - | - | lindekin.net |
| - | - | protected.domains |
| - | - | protectedlink.org |
| - | - | protectedweb.site |
| - | - | secure-signin.org |
| - | - | securedconnection.net |
| - | - | slakc.net |
| - | - | zoorn.org |
Create your advanced delivery policies
Log in to your Microsoft 365 account.
Go to the Microsoft 365 Defender portal.
Under the Email & collaboration section, navigate to Policies & rules > Threat policies > Advanced delivery.
On the Advanced delivery page, select the Phishing Simulation tab.
Click the Edit or Add icon.
start adding up to 30 domain names.
If you have custom phishing domain of your own (link to custom phishing domains), don't forget to add them to the list too
Then add our unique sending IP: 161.38.204.14
Finally, add the URLs associated with the domain names as follows: .domainname/* — for instance if you've chosen office355.net, sharepointonllne.com and ms-certified.com, add *.office355.net/* *.sharepointonllne.com/* and *.ms-certified.com/* to this field.
This way, all sub-domains will be taken into account.
Click Save.
For more information, you can see Microsoft's article on advanced delivery policies.
Updated on: 16/08/2024
Thank you!