Articles in this section

See more

Microsoft O365 - Windows Defender - Advanced Delivery Whitelisting

Avatar
Mitchell Dyer
  • Updated
Follow

Microsoft Advanced Delivery Phishing Simulation

This guide is take you through the configuration details to utilise Microsoft’s specific ruleset to allow a 3rd party Phishing Simulation services provider, such as CSA, to safely delivery educational e-mails into your environment. 

 

What do you need to know before you begin? 

  • As an Administrator, to have access to open the Microsoft 365 Defender portal at https://security.microsoft.com 
  • Be able to go directly to the Advanced delivery page, open https://security.microsoft.com/advanceddelivery. 
  • You will need to have the following assigned permissions before you can do the procedures in this article: 
  • To create, modify, or remove configured settings in the advanced delivery policy, you need to be a member of the Security Administrator role group in the Microsoft 365 Defender portal and a member of the Organization Management role group in Exchange Online. 
  • For read-only access to the advanced delivery policy, you need to be a member of the Global Reader or Security Reader role groups.

For more information, see Permissions in the Microsoft 365 Defender portal and Permissions in Exchange Online. 

 

Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy 

  1. In the Microsoft 365 Defender portal, go to Email & Collaboration > Policies & Rules > Threat policies > Advanced delivery in the Rules section. 
  2. On the Advanced delivery page, select the Phishing simulation tab, and then do one of the following steps: 
  • Click Edit. 
  • If there are no existing configured phishing simulations, click Add: 

 

blobid0.png

 

  • On the Add third-party phishing simulation option that opens, configure the following settings:
  • Sending domain: Expand this setting and enter at least one email address domain (for example, contoso.com) by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box.
  • csatraining.online
  • csatraining.online2 
  • csaphishtest1.co.uk 
  • csaphishtest2.co.uk 
  • csalearn.co.uk 
  • gdpreducation.co.uk 

 

  • Sending IP: Expand this setting and enter the following IPv4 address by pressing Enter after each IP. CSA values are: 
  • 178.17.44.156   
  • 178.17.44.157  
  • 178.17.44.158  
  • 109.108.147.96 
  • 109.108.147.136 

 

Simulation URLs to allow: at this moment in time, this option is not required. 

blobid1.png

When you're finished, do one of the following steps: 

  • First time: Click Add, and then click Close. 
  • Edit existing: Click Save and then click Close. 

The third-party phishing simulation entries that you configured are displayed on the Phishing simulation tab. To make changes, click Edit on the tab. 

 

Additional scenario that requires filtering bypass 

Third-party filters: If your domain's MX record doesn't point to Office 365 (messages are routed somewhere else first), you will still need to add the above IP addresses and domains to their whitelisting configuration. These are solutions such as Mimecast, Proofpoint, Viper, Forcepoint to name just a few. 

The CSA Team can provide a whitelisting document to assist you with these solutions. 

Related articles

Comments

0 comments

Please sign in to leave a comment.