Skip to main content

How to Configure Office 365 for Phishing Simulations

Aoife Clarke
  • Updated
If you've recently observed unusual changes to the Reported Click Rate for phishing simulations, please be aware that Microsoft have been rolling out a change to Defender which is due to be completed by late July (previously mid-June) 2022. This roll-out may require you to make changes to your 'Safe Links' configuration, as explained here
The change will introduce a new, default security pre-set called 'Built-in-Protection' in Defender for Office 365. Built-in-Protection is a third preset Security Policy, like the Standard and Strict preset policies, and is enabled, by default, for all new and existing customers. It will implement a version of Safe Links and Safe Attachments resulting in low impact on the End User. 

1. Configure Advanced Delivery

To ensure mail is successfully delivered to your users in an Office 365 environment, please follow this guide:

1. As an O365 Security admin, navigate to https://security.microsoft.com/advanceddelivery 

2. Select the Phishing simulation tab, and click on Edit.

mceclip0.png

3.  On the 'Edit third-party phishing simulation' tab that opens, configure the following settings:

  • Domain: Expand this setting, and enter at least one email address domain by clicking in the box, entering a value, and then clicking Enter.  You should enter the MetaPhish domain(s) that you wish to use for your phishing simulations.  Up to 20 domains can now be added. (Please note that some Microsoft articles say only up to 10 domains can be added.)

mceclip4.png

  • Sending IP: Expand this setting, and enter the relevant IP addresses:

mceclip3.png

  • Simulation URLs to Allow: Expand this section, and add any domains you will be using in the following format *.domainname.com/* 

mceclip2.png

When completed, action one of the following steps:

  • First time: Click Add followed by Close.
  • Edit existing: Click Save, and then select Close.

After implementing these changes, send a Phish to a small number of users to confirm Whitelisting is working as intended.

Further information can be found in the below Microsoft Article:

 

2. If you have Safe Links enabled, add 'Do not rewrite URLs in email' 

If you have 'Safe Links' enabled within Microsoft Defender, you will need to add our domains to the 'Do not rewrite URLs in email' within the 'URL & click protection settings' within the policy.
  1. Navigate to your existing Safe Links policy.
  2. Click URL, followed by Protection Settings.
  3. Click Manage 0 URLs (see below).
  4. Click Add URLs.
  5. Add any domains you will be using in the following format *.domainname.com/* 
  6. Click Save and then save your policy.

mceclip0.png

This will now stop the 'Safe Links' policy from scanning and rewriting URLs that have been added to the 'Manage 0 URLs' section. 

More information can be found in the below Microsoft Article;

Related articles