# Microsoft 365 Whitelist

In this article, we explain the process of **domain whitelisting.** If your organisation operates under the restrictions and security policies of **Microsoft Office 365,** you will need to follow the guidelines provided down below. In this way, you will be able to execute “testing” phishing campaigns towards your personnel, but also send out [Student Notifications](https://docs.cyberawaresecurity.com/admin-portal/student-notifications) regarding their training.

{% embed url="<https://vimeo.com/icsi/microsoft-365-whitelist?share=copy>" %}

&#x20;

**1.** Login to your **Microsoft 365 admin profile** and navigate to your apps. Select the **Admin** option:

![](/files/X3xvOqM6iebAFpXe48ES)

**2.** Click on **Show all** to expand:

![](/files/MNduAfuaeFUBTUhtHv6A)

**3.** Navigate to the admin center using the **Security** option:

<figure><img src="/files/GQYUJZJd8hupZG5E5TJO" alt=""><figcaption></figcaption></figure>

**4.** As From the menu, click on the **Email & collaboration**&#x20;

<figure><img src="/files/IPtDfO44ZnTMioezier7" alt=""><figcaption></figcaption></figure>

**5.** Go to **Policies & rules** so you can start setting up your whitelist rules:

<figure><img src="/files/6Re9osJZqLzL0LwBLMMq" alt=""><figcaption></figcaption></figure>

**6. From Policies & rules click on Threat policies** :

<figure><img src="/files/raTyLoInOG5c4za8TCaJ" alt=""><figcaption></figcaption></figure>

**7. Click on Advanced delivery:**

<figure><img src="/files/xeWMmSEHx9DXURnbJOnb" alt=""><figcaption></figcaption></figure>

**8.** Click on **Phishing simulation**:&#x20;

<figure><img src="/files/5DcbiwlpB5N2wMQzFHsD" alt=""><figcaption></figcaption></figure>

**9.** Click on **edit**:

<figure><img src="/files/PbR8fssstQ2pOACMvhb2" alt=""><figcaption></figcaption></figure>

**10.** Set the domain(s) you would like to **Whitelist** :

<figure><img src="/files/CHyf3pW2f9oY4ddAbvqH" alt=""><figcaption></figcaption></figure>

**11.** Set the domain(s) you would like to **Whitelist from** simulation URLs to allow :

&#x20;

<figure><img src="/files/t0kqWJQ8iSZRXlBgrLWP" alt=""><figcaption></figcaption></figure>

**12.** Finally, click on **Save** to apply the changes:

Failing to do so will result in emails arriving at the **spam/junk** folders of target users’ inboxes! Click [here](https://docs.cyberawaresecurity.com/admin-portal/training-campaigns) to learn more about **Training Campaigns** or [here](https://docs.cyberawaresecurity.com/admin-portal/email-campaigns) to dive deeper into **Email Campaigns!**


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cyberawaresecurity.com/tips-and-tricks/microsoft-365-whitelist.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.