
🌁 How to create safe sender lists in Exchange Online Protection?

Creating safe sender lists in EOP for phishing simulations serves a specific purpose in the context of testing and training employees with Arsen:

Phishing simulations involve sending simulated phishing emails to employees to test their ability to recognize and respond to phishing attempts. By adding the simulation tool's sender email addresses to the safe sender list, Outlook automatically downloads pictures from these specific senders and thus reduces the chances of these simulated emails being flagged as actual phishing attempts. This ensures that employees focus on real threats rather than false positives during the simulation.

Summary:



Requirements
Add Arsen domains to safe sender list
Remove Arsen domains from safe sender list

Requirements



One of the following licenses:

Exchange Online Protection
Microsoft Defender for Office 365 plan 1 and plan 2
Microsoft Defender XDR

Applies to:

Exchange Server 2010
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
Exchange Online
Exchange Online Protection


Official documentation:



Create safe sender lists in EOP
Set-MailboxJunkEmailConfiguration
Get-Mailbox


Add Arsen domains to safe sender list



This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.

$> $All = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
$> $All | foreach {Set-MailboxJunkEmailConfiguration $_.Name -TrustedSendersAndDomains @{Add="[DOMAIN_1]","[DOMAIN_2]","[DOMAIN_X]"}}


You must replace [DOMAIN_1], [DOMAIN_2] and [DOMAIN_X] with the domains you want to add to your safe sender list. You can add up to 1000 domains.

Based on your needs and requirements, you can set the $All variable to match only the users whose safe sender list you want to update. Read the documentation for more information.

To ensure the safe sender list has been updated, you can log in as a user to whom the rule was applied and go to the Junk Mail settings in Outlook (View > View Settings > Junk email).

To find the list of domains used by the Arsen Phishing Simulation Awareness platform, open the Whitelisting procedure from your Phishing Simulation Settings and follow the whitelisting steps until the last step. After testing your configuration, you'll be able to copy/paste the full cmdlet including all domain names.



Remove Arsen domains from safe sender list



You need to replace the Add keyword with a Remove keyword instead:

$> $All = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
$> $All | foreach {Set-MailboxJunkEmailConfiguration $_.Name -TrustedSendersAndDomains @{Remove="[DOMAIN_1]","[DOMAIN_2]","[DOMAIN_X]"}}
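
The per-user check described above can also be run from PowerShell across all mailboxes, after either the Add or the Remove step, so that no simulation domain stays trusted once a campaign is over. This is an added example, not taken from the Arsen or Microsoft documentation; it assumes an already connected Exchange PowerShell session, and the names $Domains, $Report and the report columns are illustrative.

```powershell
# Added example: audit which user mailboxes trust the simulation domains.
# Assumption: an Exchange Online / Exchange Management Shell session is open.
# Placeholders, as in the article: replace with the domains you added.
$Domains = "[DOMAIN_1]", "[DOMAIN_2]", "[DOMAIN_X]"

$All = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited

$Report = foreach ($Mailbox in $All) {
    $Address = "$($Mailbox.PrimarySmtpAddress)"
    try {
        $Config = Get-MailboxJunkEmailConfiguration -Identity $Address -ErrorAction Stop
    }
    catch {
        # Keep mailboxes whose junk email configuration cannot be read in the
        # report, so they are reviewed instead of silently skipped.
        [pscustomobject]@{ Mailbox = $Address; Present = ""; Missing = ""; Error = $_.Exception.Message }
        continue
    }

    # -contains on strings is case-insensitive, which suits domain names.
    $Trusted = @($Config.TrustedSendersAndDomains)
    $Present = @($Domains | Where-Object { $Trusted -contains $_ })
    $Missing = @($Domains | Where-Object { $Trusted -notcontains $_ })

    [pscustomobject]@{
        Mailbox = $Address
        Present = $Present -join ";"
        Missing = $Missing -join ";"
        Error   = ""
    }
}

# After the Add step: mailboxes where at least one domain was not applied.
$Report | Where-Object { $_.Missing } | Format-Table Mailbox, Missing

# After the Remove step: mailboxes that still trust a simulation domain.
$Report | Where-Object { $_.Present } | Format-Table Mailbox, Present

# Mailboxes that could not be checked at all.
$Report | Where-Object { $_.Error } | Format-Table Mailbox, Error
```

An empty second table after the Remove step means none of the listed domains is still on any readable mailbox's safe sender list.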

Updated on: 11/12/2023
