Allow listing CultureAI emails in Microsoft Office 365
- Create a ‘Bypass Spam’ rule for emails arriving from 188.8.131.52 & 184.108.40.206
- Create a 'Microsoft APT bypass' rules to bypass Safe Link and Safe Attachment processing.
- Create a connection filter rule to allow emails arriving from 220.127.116.11 & 18.104.22.168.
Step-by-step instructions provided below.
Configuring Allow Listing
Mail Flow Rules - Simulated Phishing
- 1. Navigate to the Office 365 Exchange Admin Centre
- The Exchange admin centre for your organisation is available at the following URL:
- 2. Click 'Rules'
- ‘Rules’ can be found under the ‘mail flow’ heading:
- 2. Click "Create a new rule"
- You will need to fill out the new rule as the image below
- Enter a name for the rule, such as "Spam Bypass Rule"
- Click the "Apply this rule if" dropdowns and select "The sender" > "IP address is any of these ranges"
Enter the IP 22.214.171.124 when prompted and click add. Repeat to add 126.96.36.199, then click ‘ok’.
- Add another condition and click the dropdown box and select "Modify the message properties" > "Set the spam confidence level (SLC). Set this to -1 (safe)
- Add another condition, click the drop down box and select "Set the message header to" 'X-MS-Exchange-Organization-SkipSafeLinksProcessing' and set the value to '1'.
- Your new rule should now look as below. Click ‘Save’ to store this rule.
Mail Flow Rules - Reporting Add-in
If you are using the CultureAI reporting tool, you will need to add an additional mail flow rule to prevent the automatic processing of attachments from CultureAI.
1. Create a new mail flow rule
This rule can be a standard rule following the same source IP setup as outlined in Step 3 above.
2. Add Microsoft ATP SafeAttachments header
Click 'Add Action' and select:
Modify the message properties > Set a message header
Set the message header to 'X-MS-Exchange-Organization-SkipSafeAttachmentProcessing' and value to '1'.
3. Check and save
Your new rule should now look as below. Click ‘Save’ to store this rule.
Connection Filter Rules
1. Open the Office 365 Security and Compliance site
The security and compliance platform can be accessed from the following URL:
Under threat management select "Policy":
Under policy select "Anti-spam":
2. Edit the "Connection filter policy"
Select "Edit" under the IP Allow List:
Add both 188.8.131.52 and 184.108.40.206 to the ‘Allowed IP Address’ list. Click ‘Save’ to save the settings.