Whitelisting

How do I whitelist a domain in Microsoft 365?

Microsoft 365 protects your email account with automatic filters that divert suspected spam to a separate folder away from the Inbox. It also has a separate safe sender list: senders on that list are trusted, and images in their send-outs are downloaded automatically.

While this safeguard is usually helpful, valid emails from companies and colleagues may also end up in the spam folder.

Creating a whitelist tells the program which domains to always allow through and eliminates the possibility of missing legitimate emails. 

Recommendations

  • You can use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy.
  • Use whitelisting only during a send-out, and remove it between send-outs to keep the process as safe as possible.

  1. Go to the Microsoft 365 Defender portal.

  2. Go to Email & Collaboration > Policies & Rules > Threat policies > Advanced delivery in the Rules section.

  3. On the Advanced delivery page, select the Phishing Simulation tab, and then do one of the following steps:

    • Click Edit.
    • If there are no configured phishing simulations, click Add.
  4. On the Edit third-party phishing simulation flyout that opens, configure the following settings:

  • Sending domain:
    Expand this setting and enter at least one email address domain (for example, contoso.com) by clicking in the box, entering a value, and then pressing Enter or selecting the value displayed below the box. Repeat this step as many times as necessary. You can add up to 10 entries.
  • Sending IP:
    Expand this setting and enter at least one valid IPv4 address by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. Repeat this step as many times as necessary. You can add up to 10 entries. Valid values are:

    • Single IP: For example, 192.168.1.1.
    • IP range: For example, 192.168.0.1-192.168.0.254.
    • CIDR IP: For example, 192.168.0.1/25.
  • Simulation URLs to allow:
    Expand this setting and optionally enter specific URLs from your phishing simulation campaign that should not be blocked or detonated. To add a URL, click in the box, enter a value, and then press Enter or select the value that's displayed below the box. You can add up to 10 entries. For the URL syntax format, see URL syntax for the Tenant Allow/Block List.
    To remove an existing value, click remove next to the value.

  5. When you're finished, do one of the following steps:

  • First time: Click Add, and then click Close.
  • Edit existing: Click Save and then click Close.

The third-party phishing simulation entries you configured are displayed on the Phishing simulation tab. To make changes, click Edit on the tab.
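A pre-flight check for the Sending IP values described in step 4, as an added example that is not part of the original article or of Microsoft's tooling. It parses the three accepted formats (single IP, IP range, CIDR), enforces the 10-entry limit, and flags entries that allow more addresses than a send-out needs; the function names and the `MAX_ADDRESSES` threshold are assumptions made for this example.

```python
import ipaddress

MAX_ENTRIES = 10       # per-setting limit stated in the article
MAX_ADDRESSES = 256    # assumption: local review threshold, not a Microsoft limit


def parse_sending_ip(entry):
    """Return (first, last) IPv4Address for a single IP, an IP range or a CIDR entry."""
    entry = entry.strip()
    if "/" in entry:
        # strict=False accepts host bits, as in the article's example 192.168.0.1/25
        net = ipaddress.IPv4Network(entry, strict=False)
        return net.network_address, net.broadcast_address
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if first > last:
            raise ValueError(f"range start is after range end: {entry}")
        return first, last
    addr = ipaddress.IPv4Address(entry)
    return addr, addr


def review_sending_ips(entries):
    """Return a list of findings; an empty list means the entries pass every check."""
    findings = []
    if not entries:
        findings.append("at least one Sending IP entry is required")
    if len(entries) > MAX_ENTRIES:
        findings.append(f"{len(entries)} entries exceeds the limit of {MAX_ENTRIES}")
    for entry in entries:
        try:
            first, last = parse_sending_ip(entry)
        except ValueError as exc:  # covers non-IPv4 input and malformed masks
            findings.append(f"{entry}: invalid ({exc})")
            continue
        size = int(last) - int(first) + 1
        if size > MAX_ADDRESSES:
            findings.append(f"{entry}: covers {size} addresses, narrow it")
    return findings


if __name__ == "__main__":
    # Constructed sample input: the article's three example values plus three bad ones.
    sample = ["192.168.1.1", "192.168.0.1-192.168.0.254", "192.168.0.1/25",
              "10.0.0.0/8", "2001:db8::1", "192.168.0.9-192.168.0.1"]
    for finding in review_sending_ips(sample):
        print(finding)
```

Run it against the list your simulation vendor supplies before entering the values in the portal; any finding means the entry should be corrected or narrowed first.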

Please add the domains mentioned in the selected categories to the simulation URLs to receive phishing emails. (See the attached screenshot below.)