Microsoft Office 365 Safelisting Guide

 


| Section | Details | Date of Change |
|---|---|---|
| Section B Step 11-14 Point 2: | Steps added for the routing setup | November 16th, 2021 |
| Sending Domains | Added a new SMTP server "34.237.252.20" to improve email deliverability | November 29th, 2021 |
| Section 3 | Added a new SMTP server to fix email delivery issues for error code "451 4.7.50" Server is busy in Exchange Online. | January 27th, 2022 |
| Section 2, Step 5 | Exporting Sending Domains links updated | January 28th, 2022 |
| Section 2, Simulation URLs to allow | Old URL "*.secureawareness.net /*" replaced with "*.cloudsurveillance.net /*" | February 10th, 2022 |
| Updated Section 2, Step 5 | Prevent Outlook from blocking content in your emails and displaying a Safe Senders Warning | April 10th, 2022 |
| Preventing Microsoft Defender from rewriting BullPhish ID campaign links | New procedure | July 10, 2023 |
| Fix email delivery issues procedure | Step 6: Added BullPhish ID IP addresses | July 19, 2023 |
| First section and Fix email delivery issues for error code "451 4.7.50 Server is Busy" section. | Updated BPID IP address list | October 19, 2023 |
| Global | More definitive sections created and details added for clarity. | November 30, 2023 |

Prerequisites

Introduction:

BullPhish ID uses specific domains and IP addresses to send phishing and training campaign emails to your end users. In addition, phishing emails include simulation URLs. 

For campaign emails to be successfully delivered to your end users, you are required to configure various Microsoft 365 components to prevent campaign emails from being blocked.

Complete all sections in the following order:

Note: If you are using third-party services to filter incoming emails before they are delivered to Microsoft Office, see the following guides to properly configure connections between Microsoft and the third-party service:

Configuring Microsoft 365 Defender

To prevent Microsoft 365 Defender from blocking phishing and training campaign emails, you must allowlist the BullPhish ID domains, IP addresses, and simulation URLs in Microsoft 365 Defender.

At least one sending domain and one sending IP address must be configured. Also, you must allowlist simulation URLs to ensure they are not blocked when included in the campaign emails.

A maximum of 10 entries can be configured for each item. There must be at least one match between a sending domain and a sending IP.

To allowlist BullPhish ID domains, IP addresses, and simulation URLs in Microsoft 365 Defender:

  1. In the Microsoft 365 Defender navigation menu, select Email & collaboration > Policies & rules.
  2. On the Policies & rules page, click Threat policies.
  3. On the Threat policies page, in the Rules section, click Advanced delivery. 
  4. On the Advanced delivery page, click the Phishing simulation tab and perform one of the following steps:
    • If there are configurations for phishing simulations listed, click Edit.
      Note: When editing configurations, you can add new configurations and/or delete existing ones.
    • If there are no configurations for phishing simulations listed, click Add.
  5. In the Add/Edit third-party phishing simulations modal, configure sending Domain entries:
    a. Open the Sending_Domains.csv file you downloaded as directed in the Prerequisites.
    Office 44.png
    b. Copy one of the sending domains you would like to use in your campaigns. For example,
    bp-service-support.com (do not copy the word Verified).

    Important: Your CSV file will include any custom-sending domains you have created, the status of which may currently be Not Verified. For example, in the step above, bell.com is a custom domain that has not been verified. A domain must be verified before it can be used in a phishing simulation. However, you can still configure a custom domain currently in the Not Verified status as long as you have completed the steps to verify the domain. It can take up to 48 hours for a custom domain to be verified. For more information, see the article Chapter 9: How to configure a custom domain.

    c. In the Add/Edit Third-Party Phishing Simulations modal, click Domain.
    d. Paste the copied domain and press Enter.
    e. For each of the sending domains you would like to use in your campaigns: in the CSV file, copy the sending domain, paste it into the Domain field, press Enter.

    If adding all global domains, the Domain field appears like the following:
    Office 30.png 
    Note: Later on, if you add a custom sending domain, download a new Sending_Domains.csv file as directed in the Prerequisites. To add the domain to the allowlist, perform steps 1 through 5.
     
  6. In the Add/Edit third-party phishing simulations modal, configure Sending IP entries:
    a. Click Sending IP.
    b. Copy the first IP address listed below and paste it into the Sending IP field. Press Enter. Repeat for the second IP address (if applicable).
      • 34.237.252.20 (SMTP Server IP - Address from where we send Phishing & Training emails).
      • 168.245.13.192 (SendGrid IP – Needed for sending notification emails but only if you are using Dark Web ID as well as BullPhish ID).

        The Sending IP field appears like the following graphic:
        Office 46.png
  7. In the Add/Edit third-party phishing simulations modal, configure sending Simulation URLs to allow entries:
    a. Click Simulation URLs to allow.
    b. Copy the first URL listed below and paste it into the Simulation URLs to allow field. Press Enter. Repeat for each remaining URL.  
      • service-noreply.info/* (phishing)
      • bpidtr.com/* (training)
      • *.bpidtr.com/* (training)
      • *.cloudsurveillance.net/* (phishing)

        The Simulation URLs to allow field appears like the following graphic:
        Office 34.png

        Note: To remove an allowlist item, click the X.
  8. In the lower-left corner of the Add/Edit Third-Party Phishing Simulations modal, click Add (appears when configuring phishing simulations the first time) or Save (appears when editing phishing simulations).
  9. Click Close. The configured phishing simulations are listed on the Phishing simulation tab.

Manually adding safe sender domains to Microsoft Outlook 

Emails sent from domains not in your organization's Safe Senders list in Outlook may display a message that some email content, including images, may be blocked. 


To prevent email content from being blocked, you need to add the BullPhish ID sending domains to the Safe Sender list in Outlook for each of your end users.

Important: Perform these steps to add BullPhish ID sending domains manually to each user's Safe Senders list in Outlook. You will need to run this script every time you add new users to ensure all users have the BullPhish ID sending domains added to their Safe Senders list. 

If you want the BullPhish ID sending domains to be added to each user's Safe Senders list in Outlook automatically, refer to the article Microsoft Office 365: Automatically adding safe senders to Microsoft Outlook.
Important: If you do perform the steps to automatically add the BullPhish ID sending domains to each user's Safe Senders list in Outlook, you must come back to this article and complete the following sections:

To manually add BullPhish ID sending domains to each user's Safe Senders list in Outlook:

  1. On your taskbar, click the Windows icon. 
  2. Start typing PowerShell. In the Windows PowerShell pane, click Run as Administrator.

  3. Copy the following command. Paste it into PowerShell and press Enter.
    Install-Module ExchangeOnlineManagement

    If Untrusted repository is displayed, type Y and press Enter.
    Note: A message is displayed if ExchangeOnlineManagement is already installed.

    Execute the following command to import the module:
    Import-Module ExchangeOnlineManagement
  4. Execute the following command to connect to Exchange Online.
    Connect-ExchangeOnline -UserPrincipalName UPN
    Note: UPN is your account in user-principal name (UPN) format, for example, xxxxx@contoso.com.
  5. Copy the following code and paste it into a text file. Replace the example text in the $senders = command line with the sender domains you wish to add to the user's safe senders list. Each domain must be entered in quotes. Each domain must be separated by a comma.
    Note: The list of sending domains is in the Sending_Domains.csv file you downloaded as directed in the Prerequisites.
    # Add the listed senders to the Safe Senders list of every mailbox.
    $users = Get-EXOMailbox -ResultSize unlimited
    $senders = "example@example.com" # add safe senders here, in quotes and comma-separated
    foreach ($user in $users) {
        $out = 'Adding Trusted Senders to {0}' -f $user.UserPrincipalName
        Write-Output $out
        Set-MailboxJunkEmailConfiguration $user.UserPrincipalName -TrustedSendersAndDomains @{Add=$senders}
    }
    Write-Output "Finished!"
    Example:
    $users = Get-EXOMailbox -ResultSize unlimited
    $senders = "bp-service-support.com","bp-securityawareness.com","online-account.info",
        "myonlinesecuritysupport.com","service-noreply.info","banking-alerts.info","bullphish.com",
        "verifyaccount.help","suspected-fraud.info"
    foreach ($user in $users) {
        $out = 'Adding Trusted Senders to {0}' -f $user.UserPrincipalName
        Write-Output $out
        Set-MailboxJunkEmailConfiguration $user.UserPrincipalName -TrustedSendersAndDomains @{Add=$senders}
    }
    Write-Output "Finished!"

  6. Copy the script from the text file, paste it into PowerShell and press Enter. The Outlook mailboxes to which the domains are being added are listed.

  7. To verify the domains have been added to each user's safe senders list, copy the following code, paste it into PowerShell, and execute it.

    # List the junk email configuration (including TrustedSendersAndDomains) of every mailbox.
    $users = Get-EXOMailbox -ResultSize unlimited
    foreach ($user in $users) {
        $out = 'Getting Trusted Senders from {0}' -f $user.UserPrincipalName
        Write-Output $out
        Get-MailboxJunkEmailConfiguration $user.UserPrincipalName
    }
    Write-Output "Finished!"

The TrustedSendersAndDomains field lists the added domains for each user's mailbox.


Note: For more information about connecting to Exchange Online PowerShell, see the article
Connect to Exchange Online PowerShell.
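
Because the add script has to be re-run whenever users are added, a check that lists only the mailboxes still missing a domain is easier to act on than the full per-mailbox dump. The following PowerShell is an added example, not part of the original guide; it assumes an active Connect-ExchangeOnline session, uses two of the sending domains named above as sample values, and the $apply switch is a hypothetical name.

```powershell
# Added example (not vendor code). Assumes an active Connect-ExchangeOnline session.
# $required: the sending domains you allowlisted (sample values from this article).
$required = "bp-service-support.com", "bp-securityawareness.com"
$apply    = $false   # hypothetical switch: set to $true to add the missing domains

$report = foreach ($mbx in Get-EXOMailbox -ResultSize Unlimited) {
    $upn = $mbx.UserPrincipalName
    try {
        $cfg = Get-MailboxJunkEmailConfiguration -Identity $upn -ErrorAction Stop
        # -notcontains compares strings case-insensitively
        $absent = @($required | Where-Object { $cfg.TrustedSendersAndDomains -notcontains $_ })
        if ($absent.Count -eq 0) { continue }   # list already complete: leave the mailbox untouched
        if ($apply) {
            Set-MailboxJunkEmailConfiguration -Identity $upn `
                -TrustedSendersAndDomains @{Add = $absent} -ErrorAction Stop
        }
        [pscustomobject]@{
            Mailbox = $upn
            Missing = $absent -join ';'
            Result  = $(if ($apply) { 'Added' } else { 'Needs update' })
        }
    }
    catch {
        # Report the mailbox and keep going instead of aborting the whole run
        [pscustomobject]@{
            Mailbox = $upn
            Missing = ''
            Result  = "Error: $($_.Exception.Message)"
        }
    }
}

$report | Format-Table -AutoSize -Wrap
"{0} mailbox(es) listed" -f @($report).Count
```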

To remove domains already added from the safe sender list:

Important: Running the script below will remove domains from each user's Safe Senders list in Outlook. After the domains are removed, any emails sent from these domains may be blocked.

  1. Copy the following code and paste it into a text file. Replace the example text in the $senders = command line with the sender domains you wish to remove from the user's safe senders list. Each domain must be entered in quotes. Each domain must be separated by a comma.
    # Remove the listed senders from the Safe Senders list of every mailbox.
    $users = Get-EXOMailbox -ResultSize unlimited
    $senders = "example@example.com" # add safe senders here, in quotes and comma-separated
    foreach ($user in $users) {
        $out = 'Removing Trusted Senders from {0}' -f $user.UserPrincipalName
        Write-Output $out
        Set-MailboxJunkEmailConfiguration $user.UserPrincipalName -TrustedSendersAndDomains @{Remove=$senders}
    }
    Write-Output "Finished!"

    Example:

    $users = Get-EXOMailbox -ResultSize unlimited
    $senders = "bp-securityawareness.com"
    foreach ($user in $users) {
        $out = 'Removing Trusted Senders from {0}' -f $user.UserPrincipalName
        Write-Output $out
        Set-MailboxJunkEmailConfiguration $user.UserPrincipalName -TrustedSendersAndDomains @{Remove=$senders}
    }
    Write-Output "Finished!"

  2. Copy the script from the text file.

  3. In PowerShell, paste the code and execute.

  4. To verify the domains have been removed from each user's safe senders list, copy the following code, paste it into PowerShell, and execute it.

    # List the junk email configuration (including TrustedSendersAndDomains) of every mailbox.
    $users = Get-EXOMailbox -ResultSize unlimited
    foreach ($user in $users) {
        $out = 'Getting Trusted Senders from {0}' -f $user.UserPrincipalName
        Write-Output $out
        Get-MailboxJunkEmailConfiguration $user.UserPrincipalName
    }
    Write-Output "Finished!"

Preventing Microsoft Defender from rewriting BullPhish ID campaign links 

To ensure the BullPhish ID links included in campaign emails are not rewritten, the sending domains must be allowlisted. You need to create a rule in the Exchange admin center that prevents Microsoft from falsely indicating that a campaign link was clicked. Without such a rule, campaign results will not be accurate.  

  1. Log into Exchange admin center https://admin.exchange.microsoft.com/#/.
  2. In the navigation menu, select Mail flow > Rules.
  3. On the Rules page, click Add a rule.
  4. Select Create a new rule.
  5. On the Set rule conditions page, in the Name field, enter a name for the rule. For example, Bypass Safe Links for BullPhish ID.
  6. In the Apply this rule if list, select The sender.
  7. In the list box to the right, select IP address is in any of these ranges or exactly matches.
  8. Copy the first IP address listed below and paste it into the specify IP address ranges field. Click  Add. Repeat for the second IP address (if applicable).
      • 34.237.252.20 (SMTP Server IP - Address from where we send Phishing & Training emails).
      • 168.245.13.192 (SendGrid IP – Needed for sending notification emails but only if you are using Dark Web ID as well as BullPhish ID).

  9. When finished, in the lower-left corner of the modal, click Save.

  10. In the Do the following section:
    a. In the first list, select Modify the message properties.
    b. In the list to the right, select set a message header.
    c. In the sentence Set the message header...click the first Enter text.
    d. Copy the following text: X-MSExchange-Organization-SkipSafeLinksProcessing
    e. In the message header field, paste the text.
    f. In the lower-left corner of the modal, click Save.
    g. In the sentence Set the message header... after to the value, click Enter text.
    h. In the message header field, enter 1.
    i. In the lower-left corner of the modal, click Save.
    Note:  Don't make any selections in the Except if section.
  11. In the lower-left corner of the Set rule conditions page, click Next.
  12. On the Set rule settings page, leave the settings selected by default and click Next.
  13. On the Review and finish page, click Finish. It may take a moment for the rule to save.
  14. When the message Transport rule created successfully is displayed, at the bottom of the page, click Done.
  15. In the Rules table, for the rule you just added, click Disabled.
  16. In the modal, click the toggle to enable the rule.

    It may take a moment for the rule status to update to Enabled.
  17. To close the modal, in the upper-right corner, click the X. In the Rules table, the rule's Status is Enabled.
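
A rule that sets X-MSExchange-Organization-SkipSafeLinksProcessing is a standing exception to Safe Links, so it is worth confirming that only the intended rule sets the header and that it is limited to the sending IP addresses listed in step 8. The following PowerShell is an added example, not part of the original guide; it assumes an active Connect-ExchangeOnline session and compares the rule's sender ranges to the two addresses as plain strings.

```powershell
# Added example (not vendor code). Assumes an active Connect-ExchangeOnline
# session with permission to read mail flow rules.
$header   = 'X-MSExchange-Organization-SkipSafeLinksProcessing'
$expected = '34.237.252.20', '168.245.13.192'   # sending IPs listed in this article

$findings = Get-TransportRule |
    Where-Object { $_.SetHeaderName -eq $header } |
    ForEach-Object {
        $rule = $_
        # Normalise the rule's sender ranges to strings; drop empty values
        $ranges     = @($rule.SenderIpRanges | Where-Object { $_ } | ForEach-Object { "$_" })
        $unexpected = @($ranges | Where-Object { $expected -notcontains $_ })

        $finding = if ($ranges.Count -eq 0) {
            'No sender IP condition: bypass is not limited to the simulation servers'
        } elseif ($unexpected.Count -gt 0) {
            'Unexpected sender range(s): ' + ($unexpected -join ', ')
        } else {
            'Scoped to the expected sending IPs'
        }

        [pscustomobject]@{
            Rule        = $rule.Name
            State       = $rule.State
            HeaderValue = $rule.SetHeaderValue
            SenderIps   = $ranges -join ', '
            Finding     = $finding
        }
    }

if (-not $findings) { 'No mail flow rule sets the Safe Links bypass header.' }
$findings | Format-List
```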

Preventing an email non-delivery error

If your organization sends a large volume of campaign emails that may possibly overwhelm the Microsoft Office 365 email servers, you may receive a non-delivery error. To resolve this issue, you can configure a connector from the BullPhish ID server(s) to Microsoft Office 365.

To configure a connector from the BullPhish ID server(s) to Microsoft Office 365:

  1. Log into the Exchange admin center https://admin.exchange.microsoft.com/#/.
  2. Select Mail Flow > Connectors.
  3. Click Add a connector.
  4. In the Connection From section, select Partner organization and click Next.
  5. In the Name field, enter a name for the connector. Description is optional. Leave Turn it on selected. Click Next.
  6. Select By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization.
  7. Copy the IP address 34.237.252.20 and paste it into the IP address field. Click the plus button.

  8. If you are using Dark Web ID as well as BullPhish ID, copy the IP address 168.245.13.192 and paste it into the IP address field. Click the plus button.
  9. Click Next.
  10. On the Security restrictions page, leave Reject email messages if they aren't sent over TLS selected. Click Next.
  11. On the Review connector page, click Create connector.
  12. On the Connector created page, click Done. The connector is listed in the Connectors table.

© Copyright All rights reserved. No part of this document may be reprinted or reproduced, or utilized in any form or by any electronic, mechanical, or other means, now known or hereinafter invented, including photocopying and recording or in any information storage or retrieval system without written permission from the publishers.

 

 
