Articles on: 👍 Initial Setup

❇️ How to allow Arsen phishing simulation by IP address Microsoft 365. (Recommended)

By following this procedure, you will be able to allow our phishing simulations to bypass your protections in order to test the behavior of your employees.

The goal is for our phishing simulations to reach your employees' inboxes directly, without going through the junk mail folder, which could distort your employees' training.

Sommaire



Prerequisites
Step 1: Add Arsen's IP address to the allowed IPs list
Step 2: Bypass anti-spam protection
Step 3: Avoid quarantine
Step 4: Set up a connector to avoid reception delays

Prerequisites



To follow this procedure, you must be the administrator of your company's Microsoft 365 account.

Step 1: Add Arsen's IP address to the allowed IPs list



Log in to your Microsoft 365 account's security center.

Go to Policies and rules > Threat Policy > Anti-spam.





Click Connection Filter Policy (default)




In Always allow messages from the following IP addresses or address range: enter the IP address 161.38.204.14.

Check Turn on safe list you should have a screen that looks like the image below:





Click Save and then click Yes on the Security and Compliance popup


Step 2: Bypass spam protection



Log in to your Microsoft 365 administration panel

In the left sidebar, click on Exchange



In Mail Flow, click on Rules.

Click the + to add a rule and click Create a new rule.



In the side panel, give the rule a name such as Arsen Simulations Access.

Click the Apply this rule if... drop-down menu and select The Sender and then IP address is in any of these ranges or exactly matches. If you do not see the option, click More options on the New Rules screen to access all available settings.



In IP address range... enter 161.38.204.14 then click on Save to save the IP before clicking Ok

Click on the Do the following drop-down menu and select Modify the message properties then set a message header.

To the right of the field, click on the first Enter text....

Enter X-MS-Exchange-Organization-BypassClutter, being careful to be case sensitive.

Click on the second Enter text... link and enter true. You should have a first action as follows:



Then click on +.

From the Do the following... drop-down menu, click Modify the message properties, then click Set the spam confidence level (SCL) to... and select Bypass Spam Filtering. Click Ok



Click on Next.


Summary of the rule creation page





Step 3 : Avoid quarantine



This part of the procedure prevents our phishing simulations from being quarantined.

Still in the Exchange Administration Center, select Mail Flow > Rules from the left menu

Click + to add a rule

Select Create a new rule.



Give the rule a name such as Arsen Quarantine Avoidance.

Click Apply this rule if... and select The sender, then select IP address is in any of these ranges or exactly matches.

Enter our IP address: 161.38.204.14 and click the + to the right of the IP address to add it.

Click on the Do the following drop down menu then click on Modify the message properties then Set a message header.

Click on the first Enter text... to the right of Set the message header to set the header. Enter the text X-Forefront-Antispam-Report. Be case sensitive: be sure to use upper and lower case letters. Click on Ok.

Click on the second Enter text..., after to the value to the right of Set the message header. Enter SFV:SKI;CAT:NONE;. Be case sensitive: everything must be in upper case. Click OK once you have entered the text. This is the final configuration of the rule:



Click on Save

Your Mail Flow rules should match the screen below:




Step 4: Set up a connector to avoid reception delays



Adding a connector helps to avoid reception delays in Microsoft 365. These delays can be caused by receive volume limits or other email settings.

To add a connector to your Microsoft 365 account:

In the Exchange Administration Center, click Mail Flow > Connectors.

Click + Add a connector.



Under Connection From, select Partner Organization. Office 365 should be automatically selected in Connection to (select Office 365 if it is not) and then click Next.

On the next screen, give the connector a name: Arsen Training Connector. Add a description if you wish

Make sure Turn it on is checked under What do you want to do after connector is saved? then click Next.

Select By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization then enter the IP address 161.38.204.14 and click + . Click Next.



In Security Restrictions, select Reject email messages if they aren't sent over TLS. Click Next.



Verify that the settings match the screen below and then click + Create Connector.

Updated on: 23/07/2024

Was this article helpful?

Share your feedback

Cancel

Thank you!