# Microsoft 365 Whitelist In this article, we explain the process of **domain whitelisting.** If your organisation operates under the restrictions and security policies of **Microsoft Office 365,** you will need to follow the guidelines provided down below. In this way, you will be able to execute “testing” phishing campaigns towards your personnel, but also send out [Student Notifications](https://docs.cyberawaresecurity.com/admin-portal/student-notifications) regarding their training. {% embed url="" %} **1.** Login to your **Microsoft 365 admin profile** and navigate to your apps. Select the **Admin** option: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FVYqrs9v3xWVkQsy1Tgzj%2FOffice365_Whitelist_1.png?alt=media\&token=c65dd004-8dfe-4d8b-b7ab-b6b161e2dab0) **2.** Click on **Show all** to expand: ![](https://787872742-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdbDWFUV8KfahpvaDhzuK%2Fuploads%2FXvZAgvlJflEmnq4mUG0g%2FOffice365_Whitelist_2.png?alt=media\&token=4e7c4830-b9ff-4162-ac00-bf1b6401ff19) **3.** Navigate to the admin center using the **Security** option:

**4.** As From the menu, click on the **Email & collaboration**

**5.** Go to **Policies & rules** so you can start setting up your whitelist rules:

**6. From Policies & rules click on Threat policies** :

**7. Click on Advanced delivery:**

**8.** Click on **Phishing simulation**:

**9.** Click on **edit**:

**10.** Set the domain(s) you would like to **Whitelist** :

**11.** Set the domain(s) you would like to **Whitelist from** simulation URLs to allow :

**12.** Finally, click on **Save** to apply the changes: Failing to do so will result in emails arriving at the **spam/junk** folders of target users’ inboxes! Click [here](https://docs.cyberawaresecurity.com/admin-portal/training-campaigns) to learn more about **Training Campaigns** or [here](https://docs.cyberawaresecurity.com/admin-portal/email-campaigns) to dive deeper into **Email Campaigns!**