Arsen Security

This procedure describes how to manually whitelist Arsen phishing simulation traffic in Microsoft 365 so that simulation emails bypass spam filters, avoid quarantine, and reliably reach employee inboxes.

___________________________________________________________

Authorize Arsen simulations using dedicated IP addresses.

Bypass anti-spam filtering to avoid false positives.

Prevent simulation emails from being quarantined.

Improve deliverability using a Microsoft 365 connector.

- Authorize Arsen simulations using dedicated IP addresses.
- Bypass anti-spam filtering to avoid false positives.
- Prevent simulation emails from being quarantined.
- Improve deliverability using a Microsoft 365 connector.
   

Administrator access to the Microsoft 365 tenant.

Ability to access Microsoft 365 Defender and the Exchange Admin Center.

Permissions to modify mail flow and anti-spam policies.

- Administrator access to the Microsoft 365 tenant.
- Ability to access Microsoft 365 Defender and the Exchange Admin Center.
- Permissions to modify mail flow and anti-spam policies.
   

3 – Add Arsen IP Addresses to the Allowed IP List

Sign in to <code>Microsoft 365 Defender</code>.

Go to <code>Policies &amp; Rules</code> → <code>Threat Policies</code>.

- Sign in to <code>Microsoft 365 Defender</code>.
- Go to <code>Policies &amp; Rules</code> → <code>Threat Policies</code>.

Microsoft 365 Defender navigation showing “Policies &amp; Rules” and “Threat Policies”.

Open Connection Filter Policy (Default) → Edit connection filter policy.

- Open Connection Filter Policy (Default) → Edit connection filter policy.

Threat policies list displaying anti-spam settings and the default connection filter policy.

Liste des politiques anti-spam et ouverture de la Connection filter policy (Default).

Under Always allow messages from the following IP addresses, add:

- <code>161.38.204.14</code>
- <code>185.211.123.249</code> ​

Check <code>Turn on safe list</code> and click <code>Save</code>.

- Under Always allow messages from the following IP addresses, add:
 - <code>161.38.204.14</code>
 - <code>185.211.123.249</code> ​
- Check <code>Turn on safe list</code> and click <code>Save</code>.

Connection filter policy editor with 161.38.204.14 added and Safe List enabled.

Open the Microsoft 365 Admin Center.

Navigate to <code>Exchange</code>.

1. Open the Microsoft 365 Admin Center.
2. Navigate to <code>Exchange</code>.

Microsoft 365 Admin Center highlighting access to Exchange Admin Center.

Go to <code>Mail Flow</code> → <code>Rules</code>.

Click <code>+</code> → <code>Create a new rule</code>.

1. Go to <code>Mail Flow</code> → <code>Rules</code>.
2. Click <code>+</code> → <code>Create a new rule</code>.

Exchange Admin Center showing “Add a rule” in the Mail Flow section.

- The sender → IP address is in any of these ranges or exactly matches
- Add: <code>161.38.204.14</code>, <code>185.211.123.249</code>

- Name: Arsen Simulation Access
- Apply this rule if…
 - The sender → IP address is in any of these ranges or exactly matches
 - Add: <code>161.38.204.14</code>, <code>185.211.123.249</code>

Condition being configured with sender IP address 161.38.204.14

Modify the message properties → Set a message header

- Header: <code>X-MS-Exchange-Organization-BypassClutter</code>
- Value: <code>true</code>

1. Modify the message properties → Set a message header
 - Header: <code>X-MS-Exchange-Organization-BypassClutter</code>
 - Value: <code>true</code>

Transport rule action setting X-MS-Exchange-Organization-BypassClutter to true.

Add another action: ​Modify the message properties → Set the spam confidence level (SCL) to

- Value: <code>-1 (Bypass Spam Filtering)</code>

1. Add another action: ​Modify the message properties → Set the spam confidence level (SCL) to
 - Value: <code>-1 (Bypass Spam Filtering)</code>

Click <code>Next</code>, review, and <code>Save</code>.

Récapitulatif des conditions d’une règle de transport Exchange pour Arsen : IP autorisée, bypass Clutter et SCL -1

5 – Prevent Emails from Being Quarantined

In <code>Mail Flow</code> → <code>Rules</code>, create another new rule.

1. In <code>Mail Flow</code> → <code>Rules</code>, create another new rule.

Microsoft Exchange menu showing mailbox and mail flow management sections.

Condition: ​The sender → IP address is in any of these ranges or exactly matches

- Add: <code>161.38.204.14</code>, <code>185.211.123.249</code>

- Name: Arsen Quarantine Avoidance
- Condition: ​The sender → IP address is in any of these ranges or exactly matches
 - Add: <code>161.38.204.14</code>, <code>185.211.123.249</code>

- Header: <code>X-Forefront-Antispam-Report</code>
- Value: <code>SFV:SKI;CAT:NONE;</code>

- Modify the message properties → Set a message header
 - Header: <code>X-Forefront-Antispam-Report</code>
 - Value: <code>SFV:SKI;CAT:NONE;</code>

Transport rule configuration adding header X-Forefront-Antispam-Report with value SFV:SKI;CAT:NONE;.

You should now see two rules in the Mail Flow Rules list.

Détail d’une boîte aux lettres Exchange – Menu latéral montrant l’accès aux paramètres généraux, aux alias, aux règles, et aux autorisations.

6 – Configure a Connector to Avoid Delivery Delays

In the Exchange Admin Center, go to <code>Mail Flow</code> → <code>Connectors</code>.

Click <code>+ Add a connector</code>.

1. In the Exchange Admin Center, go to <code>Mail Flow</code> → <code>Connectors</code>.
2. Click <code>+ Add a connector</code>.

Exchange Connectors section with Add a connector button.

Name: <code>Arsen Training Connector</code>

- From: Partner organization
- To: Office 365
- Name: <code>Arsen Training Connector</code>
- Enable <code>Turn it on</code>

By verifying that the IP address of the sending server matches one of the following IP addresses…

- <code>161.38.204.14</code>
- <code>185.211.123.249</code>

- Add:
 - <code>161.38.204.14</code>
 - <code>185.211.123.249</code>

Connector IP validation screen listing Arsen IP addresses.

Check <code>Reject email messages if they aren’t sent over TLS</code>

- Check <code>Reject email messages if they aren’t sent over TLS</code>

Connector security options with TLS enforcement enabled.

Détail d’une règle de boîte aux lettres Exchange – Édition des conditions et actions appliquées aux messages entrants.

Configure Microsoft 365 to Authorize the IP Addresses Used in Arsen Simulations

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Configure Microsoft 365 to Authorize the IP Addresses Used in Arsen Simulations

1 – Objectives

2 – Prerequisites

3 – Add Arsen IP Addresses to the Allowed IP List

4 – Bypass Anti-Spam Filtering

5 – Prevent Emails from Being Quarantined

6 – Configure a Connector to Avoid Delivery Delays