This document will cover all aspects of whitelisting in Office 365 to allow our simulated phishing emails through. This document will also cover junk bypassing to ensure emails are delivered straight to your user’s inbox. Please carry out all steps in the guide.
Estimated time for completion is 15 minutes.
Log into your Office 365 portal and go into the Admin-->Exchange area.
Click on Service Settings --> Mail OR click on Admin --> Exchange.
Click on Connection Filter (beneath Protection heading).
Click on Connection Filter, then click the Pencil icon to edit the default connection filter policy.
Under the IP Allow list, click the + sign to add an IP address.
On the "Add allowed IP address" screen, add the following IP addresses:
Click OK, then Save. Any email now sent from any of these IP's will be allowed through Office 365 Exchange.
Bypassing Junk in Office 365
Log into your Office 365 portal and go into the Admin>Exchange area.
Click on the mail flow section and then click the big + sign in the right hand area and select “Bypass Spam Filtering…” from the drop-down.
This will open the New Rule screen.
Creating the Rule
- Give the rule a name, such as "SATT Junk Bypass".
- Select “Apply this rule if…” then choose “Sender's IP address is in the range...”
- In the box produced, enter the following IP addresses: 220.127.116.11, 18.104.22.168,
22.214.171.124, 126.96.36.199, 188.8.131.52
- Once they are added, save and close the rule.
- Beneath "Do the following", click "Modify the message properties" then "Set a Message Header"
Modifying the message properties:
Set the message header to this value:
Set the message header "X-MS-Exchange-Organization-BypassClutter" to the value "true".
NOTE: Both "X-MS-Exchange-Organization-BypassClutter" and "true" are case sensitive.
Set the message header value:
Add an additional action beneath "Do the following" to "Modify the message properties". Here, click on "Set the spam confidence level (SCL) to..." and select "Bypass Spam Filtering".
Bypass Spam Filtering
Click Save. An example of the completed rule is below.