Enabling phishing simulations
      Back to home
      1. Knowledge Base
      2. Monitor human risks
      3. Enabling phishing simulations

      Whitelist mailservers - Microsoft Office 365

      Whitelisting CultureAI emails in Microsoft Office 365

      To whitelist emails in Microsoft Office 365, you need to undertake the following steps:
      1. Create a ‘Bypass Spam’ rule for emails arriving from 149.72.233.190 & 149.72.224.180
      2. Create a 'Microsoft APT bypass' rules to bypass Safe Link and Safe Attachment processing.
      3. Create a connection filter rule to allow emails arriving from 149.72.233.190 & 149.72.224.180.

      Step-by-step instructions provided below.

      Configuring whitelisting

      Mail Flow Rules - Simulated Phishing

      1. Navigate to the Office 365 Exchange Admin Centre

      The Exchange admin centre for your organisation is available at the following URL: 

      https://admin.exchange.microsoft.com/

      2. Click 'Rules' 

      ‘Rules’ can be found under the ‘mail flow’ heading:

      mceclip0

      2. Create a ‘Bypass Spam Filtering’ Rule 

      Click the plus symbol then ‘Bypass spam filtering…’ 

      mceclip1

      3. Set up the rule 

      Enter a name for the rule, such as ‘CultureAI - Bypass Spam’ and then select the following: 

      Apply this rule if > The sender > IP Address is in any of these ranges or exactly matches 

      mceclip3

      Then, enter 149.72.233.190 when prompted to specify IP address ranges and click ‘+’. Repeat to add 149.72.224.180, then click ‘ok’.

      mceclip1-1

      4. Add the Microsoft ATP SafeLinks header

      Click 'Add Action' and select the following:

      Modify the message properties > Set a message header

      mceclip4

      Set the message header to 'X-MS-Exchange-Organization-SkipSafeLinksProcessing' and value to '1'.

      5. Check and save

      Your new rule should now look as below. Click ‘Save’ to store this rule.  

      mceclip0-1

      Mail Flow Rules - Reporting Add-in

      If you are using the CultureAI reporting tool, you will need to add an additional mail flow rule to prevent the automatic processing of attachments from CultureAI. 

      1. Create a new mail flow rule

      This rule can be a standard rule following the same source IP setup as outlined in Step 3 above.

      2. Add Microsoft ATP SafeAttachments header

      Click 'Add Action' and select:

      Modify the message properties > Set a message header

      mceclip2

      Set the message header to 'X-MS-Exchange-Organization-SkipSafeAttachmentProcessing' and value to '1'.

      3. Check and save

      Your new rule should now look as below. Click ‘Save’ to store this rule.  

      mceclip1-2

      Connection Filter Rules

      1. Open the Office 365 Security and Compliance site

      The security and compliance platform can be accessed from the following URL:

      https://protection.office.com/

      Under threat management select "Policy":

      mceclip0-2

      Under policy select "Anti-spam":

      mceclip1-3

      2. Edit the "Connection filter policy"

      mceclip2-1

      Select "Edit" under the IP Allow List:

      mceclip3-1

      Add both 149.72.233.190 and 149.72.224.180 to the ‘Allowed IP Address’ list. Click ‘Save’ to save the settings.

      mceclip4-1