1. Configure Advanced Delivery

To ensure mail is successfully delivered to your users in an Office 365 environment, please follow this guide:

• As an O365 Security admin, navigate to https://security.microsoft.com/advanceddelivery
• Select the Phishing simulation tab, and click on Edit.

• On the 'Edit third-party phishing simulation' tab that opens, configure the following settings:

1. Domain: Expand this setting, and enter the AWS domain 'spm.metacompliance.com' for your phishing simulations. Please note: IP Address and Domain need to be added in order for Advanced Delivery to work. The IP addresses below are dedicated IPs for MetaCompliance so only emails sent from these dedicated IPs will get through. 

2. Sending IP: Expand this setting, and enter the relevant IP addresses: 

When completed, action one of the following steps:

• First time: Click Add followed by Close.
• Edit existing: Click Save, and then select Close.

After implementing these changes, send a Phish to a small number of users to confirm allowlisting is working as intended.

Further information can be found in the below Microsoft Article:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-advanced-delivery?view=o365-worldwide#use-the-microsoft-365-defender-portal-to-configure-third-party-phishing-simulations-in-the-advanced-delivery-policy

2. If you have Safe Links enabled, add 'Do not rewrite URLs in email'

• Navigate to your existing Safe Links policy.
• Click URL followed by Protection Settings.
• Click Manage 0 URLs (see below).
• Next, slick Add URLs.
• Add any domains you will be using in the following format*.domainname.com/*
• Lastly, click Save and then save your policy.

This will now stop the 'Safe Links' policy from scanning and rewriting URLs that have been added to the 'Manage 0 URLs' section. 

More information can be found in the below Microsoft Article;

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links?view=o365-worldwide