Microsoft 365 Whitelist

In this article, we explain the process of domain whitelisting. If your organisation operates under the restrictions and security policies of Microsoft Office 365, you will need to follow the guidelines provided down below. In this way, you will be able to execute “testing” phishing campaigns towards your personnel, but also send out Student Notifications regarding their training.

1. Login to your Microsoft 365 admin profile and navigate to your apps. Select the Admin option:

2. Click on Show all to expand:

3. Navigate to the Exchange admin center using the Exchange option:

4. As From the menu, click on the Mail flow:

5. Go to Rules so you can start setting up your whitelist rules:

6. Press the plus icon to view the available rules:

7. For our case, we will be using the Bypass spam filtering… option:

This will prompt the following window:

8. Assuming that this rule will be used for training notifications, we will name it accordingly:

9. As a next step, click on the indicated option to set a specific condition:

10. Hover over The sender… and select the domain is option:

You will be prompted with the following window:

11. Set the domain you would like to whitelist and click on the plus button:

You can always add more of your domains under a specific rule.

12. Click OK to finalise:

13. In the action box, there should be assigned by default the Set the spam confidence level (SCL) to… with value equal to Bypass spam filtering. Verify that this is the case:

14. Finally, click on Save to apply the changes:

15. As mentioned earlier, this process can be used to whitelist multiple domains as well! You will find this very useful for the phishing campaigns. For demonstration purposes, navigate to the Email Campaigns section and move on to the last step of the creation procedure:

16. Click on the Landing page domain URL list provided to view the available phishing domains for use:

17. While following the same procedure, we can whitelist various domains through a single rule:

Failing to do so will result in emails arriving at the spam/junk folders of target users’ inboxes! Click here to learn more about Training Campaigns or here to dive deeper into Email Campaigns!