Articles on: 👍 Initial Setup

Advanced Delivery Policies in Microsoft Defender for Office 365

Before you start testing your employees, you need to configure your mail servers so that our simulations are delivered to the inbox and not to spam or junk mail.


This article allows you to whitelist third-party phishing simulations such as Arsen.


We advise you to use this procedure if you find yourself in one of the following situations:


  • Exchange Online Protection
  • Microsoft Defender for Office 365 Plan 1 and Plan 2
  • Microsoft Defender XDR


Summary


Prerequisites


  1. First you'll need to ensure you have the appropriate permissions in your Microsoft 365 account. You have to be a member of the Security Administrator role group in the Microsoft Security & Compliance Center and the Organization Management role group in Microsoft Exchange Online.
  2. You must then choose from 30 of our attack domains, as the Advanced Delivery Policies only allows the use of 30 domains from a third-party service.


Here are our domain names, from which you can choose 30 :


Most popular domain names for Microsoft

Most popular domain names for Google

Other domain names available

office355.net

googie-certified.com

lntra.net

sharepointonllne.com

googiecertified.com

securelogln.net

ms-certified.com

googieonline.com

safelinklogin.com

mscertified.net

googie-login.com

connnect.org

rnicrosoft-certified.com

g-sheet.com

droopbox.info

rnicrosoft-login.com

googieapps.com

faccbook.net

rnicrosoft-office.com

gsecure.solutions

gouv-auth.com

rnicrosoft-secure.com

gglsecure.com

hrtech.company

teamsmeet.net

insurance-hub.org

lindekin.net

protected.domains

protectedlink.org

protectedweb.site

secure-signin.org

securedconnection.net

slakc.net

zoorn.org



Create your advanced delivery policies


  1. Log in to your Microsoft 365 account.
  2. Go to the Microsoft 365 Defender portal.
  3. Under the Email & collaboration section, navigate to Policies & rules > Threat policies > Advanced delivery.
  4. On the Advanced delivery page, select the Phishing Simulation tab.
  5. Click the Edit or Add icon.


  • start adding up to 30 domain names.


If you have custom phishing domain of your own (link to custom phishing domains), don't forget to add them to the list too


  • Then add our unique sending IP: 161.38.204.14


  • Finally, add the URLs associated with the domain names as follows: .domainname/ — for instance if you've chosen office355.net, sharepointonllne.com and ms-certified.com, add *.office355.net/* *.sharepointonllne.com/* and *.ms-certified.com/* to this field.

This way, all sub-domains will be taken into account.



  1. Click Save.



For more information, you can see Microsoft's article on advanced delivery policies.

Updated on: 16/08/2024

Was this article helpful?

Share your feedback

Cancel

Thank you!