❇️ How to allow Arsen phishing simulation by IP address Microsoft 365. (Recommended)
By following this procedure, you will be able to allow our phishing simulations to bypass your protections in order to test the behavior of your employees.
The goal is for our phishing simulations to reach your employees' inboxes directly, without going through the junk mail folder, which could distort your employees' training.
Prerequisites
Step 1: Add Arsen's IP address to the allowed IPs list
Step 2: Bypass anti-spam protection
Step 3: Avoid quarantine
Step 4: Set up a connector to avoid reception delays
To follow this procedure, you must be the administrator of your company's Microsoft 365 account.
Log in to your Microsoft 365 account's security center.
Go to Policies and rules > Threat Policy > Anti-spam.
Click Connection Filter Policy (default)
In Always allow messages from the following IP addresses or address range: enter the IP address 161.38.204.14.
Check Turn on safe list you should have a screen that looks like the image below:
Click Save and then click Yes on the Security and Compliance popup
Log in to your Microsoft 365 administration panel
In the left sidebar, click on Exchange
In Mail Flow, click on Rules.
Click the + to add a rule and click Create a new rule.
In the side panel, give the rule a name such as Arsen Simulations Access.
Click the Apply this rule if... drop-down menu and select The Sender and then IP address is in any of these ranges or exactly matches. If you do not see the option, click More options on the New Rules screen to access all available settings.
In IP address range... enter 161.38.204.14 then click on Save to save the IP before clicking Ok
Click on the Do the following drop-down menu and select Modify the message properties then set a message header.
To the right of the field, click on the first Enter text....
Enter X-MS-Exchange-Organization-BypassClutter, being careful to be case sensitive.
Click on the second Enter text... link and enter true. You should have a first action as follows:
Then click on +.
From the Do the following... drop-down menu, click Modify the message properties, then click Set the spam confidence level (SCL) to... and select Bypass Spam Filtering. Click Ok
Click on Next.
This part of the procedure prevents our phishing simulations from being quarantined.
Still in the Exchange Administration Center, select Mail Flow > Rules from the left menu
Click + to add a rule
Select Create a new rule.
Give the rule a name such as Arsen Quarantine Avoidance.
Click Apply this rule if... and select The sender, then select IP address is in any of these ranges or exactly matches.
Enter our IP address: 161.38.204.14 and click the + to the right of the IP address to add it.
Click on the Do the following drop down menu then click on Modify the message properties then Set a message header.
Click on the first Enter text... to the right of Set the message header to set the header. Enter the text X-Forefront-Antispam-Report. Be case sensitive: be sure to use upper and lower case letters. Click on Ok.
Click on the second Enter text..., after to the value to the right of Set the message header. Enter SFV:SKI;CAT:NONE;. Be case sensitive: everything must be in upper case. Click OK once you have entered the text. This is the final configuration of the rule:
Click on Save
Your Mail Flow rules should match the screen below:
Adding a connector helps to avoid reception delays in Microsoft 365. These delays can be caused by receive volume limits or other email settings.
To add a connector to your Microsoft 365 account:
In the Exchange Administration Center, click Mail Flow > Connectors.
Click + Add a connector.
Under Connection From, select Partner Organization. Office 365 should be automatically selected in Connection to (select Office 365 if it is not) and then click Next.
On the next screen, give the connector a name: Arsen Training Connector. Add a description if you wish
Make sure Turn it on is checked under What do you want to do after connector is saved? then click Next.
Select By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization then enter the IP address 161.38.204.14 and click + . Click Next.
In Security Restrictions, select Reject email messages if they aren't sent over TLS. Click Next.
Verify that the settings match the screen below and then click + Create Connector.
The goal is for our phishing simulations to reach your employees' inboxes directly, without going through the junk mail folder, which could distort your employees' training.
Sommaire
Prerequisites
Step 1: Add Arsen's IP address to the allowed IPs list
Step 2: Bypass anti-spam protection
Step 3: Avoid quarantine
Step 4: Set up a connector to avoid reception delays
Prerequisites
To follow this procedure, you must be the administrator of your company's Microsoft 365 account.
Step 1: Add Arsen's IP address to the allowed IPs list
Log in to your Microsoft 365 account's security center.
Go to Policies and rules > Threat Policy > Anti-spam.
Click Connection Filter Policy (default)
In Always allow messages from the following IP addresses or address range: enter the IP address 161.38.204.14.
Check Turn on safe list you should have a screen that looks like the image below:
Click Save and then click Yes on the Security and Compliance popup
Step 2: Bypass spam protection
Log in to your Microsoft 365 administration panel
In the left sidebar, click on Exchange
In Mail Flow, click on Rules.
Click the + to add a rule and click Create a new rule.
In the side panel, give the rule a name such as Arsen Simulations Access.
Click the Apply this rule if... drop-down menu and select The Sender and then IP address is in any of these ranges or exactly matches. If you do not see the option, click More options on the New Rules screen to access all available settings.
In IP address range... enter 161.38.204.14 then click on Save to save the IP before clicking Ok
Click on the Do the following drop-down menu and select Modify the message properties then set a message header.
To the right of the field, click on the first Enter text....
Enter X-MS-Exchange-Organization-BypassClutter, being careful to be case sensitive.
Click on the second Enter text... link and enter true. You should have a first action as follows:
Then click on +.
From the Do the following... drop-down menu, click Modify the message properties, then click Set the spam confidence level (SCL) to... and select Bypass Spam Filtering. Click Ok
Click on Next.
Summary of the rule creation page
Step 3 : Avoid quarantine
This part of the procedure prevents our phishing simulations from being quarantined.
Still in the Exchange Administration Center, select Mail Flow > Rules from the left menu
Click + to add a rule
Select Create a new rule.
Give the rule a name such as Arsen Quarantine Avoidance.
Click Apply this rule if... and select The sender, then select IP address is in any of these ranges or exactly matches.
Enter our IP address: 161.38.204.14 and click the + to the right of the IP address to add it.
Click on the Do the following drop down menu then click on Modify the message properties then Set a message header.
Click on the first Enter text... to the right of Set the message header to set the header. Enter the text X-Forefront-Antispam-Report. Be case sensitive: be sure to use upper and lower case letters. Click on Ok.
Click on the second Enter text..., after to the value to the right of Set the message header. Enter SFV:SKI;CAT:NONE;. Be case sensitive: everything must be in upper case. Click OK once you have entered the text. This is the final configuration of the rule:
Click on Save
Your Mail Flow rules should match the screen below:
Step 4: Set up a connector to avoid reception delays
Adding a connector helps to avoid reception delays in Microsoft 365. These delays can be caused by receive volume limits or other email settings.
To add a connector to your Microsoft 365 account:
In the Exchange Administration Center, click Mail Flow > Connectors.
Click + Add a connector.
Under Connection From, select Partner Organization. Office 365 should be automatically selected in Connection to (select Office 365 if it is not) and then click Next.
On the next screen, give the connector a name: Arsen Training Connector. Add a description if you wish
Make sure Turn it on is checked under What do you want to do after connector is saved? then click Next.
Select By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization then enter the IP address 161.38.204.14 and click + . Click Next.
In Security Restrictions, select Reject email messages if they aren't sent over TLS. Click Next.
Verify that the settings match the screen below and then click + Create Connector.
Updated on: 23/07/2024
Thank you!