Configuring Office 365 for Secure Schools Phishing Simulations

Have more questions? Submit a request

Without completing this step, it's likely that the phishing simulation emails will be held in the Office 365 Quarantine and will need to be manually released. At the same time, it's also important not to undermine the inbuilt security features of Office 365 that could allow an attacker to spoof the domain names used by our phishing simulator.

 
To ensure that Secure Schools Phishing Simulations are successful and safe, the school or trust's email environment must be configured to recognise the emails as trusted phishing simulations.


The objectives of this guide are as follows:

  • Exchange Online Protection and Microsoft Defender take no action for Secure Schools Phishing Simulations

  • Zero-hour Purge take no action for Secure Schools Phishing Simulations

  • Safe Links and Safe Attachments features do not 'fire' the attachments or links in phishing simulation emails and, therefore, reduce the likelihood of a false positive

  • Keep SPF, DKIM and DMARC controls in place

  • Keep malware controls in place

With the above in mind, we have prepared step-by-step instructions for allowing Secure Schools Phishing Simulation emails through the Office 365 filters while maintaining SPF, DKIM and DMARC controls.


The following instructions have been adopted from Microsoft's guide for configuring the delivery of third-party phishing simulations.

If you have any questions or concerns about this guide, please get in touch by commenting here or using the help link at the top of this page, and one of our team would be happy to help.

Step 1

Log in to Microsoft 365 Defender with an account that has the Security Administrator and a member of the Organization Management role group. A global administrator would have these privileges by default.

Step 2

Navigate to Policies & Rules > Threat Policies > Advanced Delivery, then click on the Phishing Simulation tab.

 


Step 3

Click the Edit button to access the Third Party Phishing Simulations options.


image__1_.png


Step 4

Enter Secure Schools' Phishing Simulator details into the Third Party Phishing Simulations options pane:

Sending Domains:

  1. emaildistributionhub.co.uk

  2. notificationdistributionhub.co.uk

  3. emaildistributionhub.com

  4. notificationdistributionhub.com

  5. emaildispersalhub.co.uk

  6. emaildispersalhub.com

  7. maildispersalhub.com

  8. notificationdispersalhub.co.uk

  9. notificationdispersalhub.com

Please note that the above list is regularly updated and may include additional domains not included in the screenshots

Sending IP:

  • 185.250.239.80
 
There's no requirement to add Simulation URLs to allow.
 
Step 5
Click Save.

Congratulations, your school or trust's Office 365 tenancy has been configured to receive phishing simulation emails safely!
 
Note:
Under most configurations, whitelisting our phishing simulation platform hostnames and IP addresses will be enough to allow the simulation emails to arrive in the user’s inbox. However, under some setups, you may need to whitelist by email header to ensure the phishing simulation emails are delivered correctly. Details on that are below:
 

How to configure bypassing spam filtering by mail header in Microsoft 365

To bypass spam filtering by email header:

  1. Log into the Microsoft 365 exchange admin centre
  2. Navigate to Mail flow and select Rules
  3. Select Add a rule, then select Bypass spam filtering.

Bypass Spam Filtering by email header - 365.png

  1. From the New transport rule window enter a suitable rule name
  2. From the Apply this rule if option, select The message headers…
  3. In this same section, select includes any of these words
  4. Under the Apply this rule if section, click Enter text to specify the header name:
    X-PHISHTEST
  5. Select Save
  6. Select Enter words and enter SecureSchools
  7.  Select Add and the Save

1.png

  1. Under the Do the following section make sure the options are set to:
    • Modify the message properties
    • Set the spam confidence level (SCL)
    • Set the spam confidence level (SCL) is set to -1

2.png

  1. In the same section, add a second action by clicking the + icon to the right of the drop-down menu
  2. In the And section select Modify the message properties
  3. In the same section, select Set a message header
  4. Click the lefthand Enter text option and enter X-MS-Exchange-Organization-BypassClutter
  5. Select Save
  6. Select Enter text and enter true

3.png

 

  1. Review all settings and click Next
  2. Set the Rule mode to Enforce and then click Next
  3. Review all settings and select Finish

4.png

 

.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful
  • Fow how-to and support videos please visit our channel