Modules
Sign in
New Request
  1. Kaseya
  2. BullPhish ID
  3. Safelisting

Microsoft Office 365 Automatic Safelisting Guide

This guide describes how to run scripts for adding save senders automatically.

Prerequisites

  • To run scripts, you must have a Windows machine. 
  • To run scripts in the background, you must have PowerShell v7 installed. (If you find errors, scroll down to the troubleshooting section below.)
  • You must access Azure Active Directory to create an unattended authentication mechanism.

Steps to follow: 

Step 1: Create auth key for unattended running scripts in the PowerShell. Click the link below and go to the section “Setup app-only authentication, “ and follow the steps:

App-only authentication in Exchange Online PowerShell and Security & Compliance PowerShell | Microsoft Learn

Step 2: Download the script from the article attachments: "addSaveSenders_Revised.ps1" To find this file, scroll down to the bottom of this article and download the link.

Step 3: Prepare Config.ps1 file with the code listed below:

# please do not remove this line
$Configs = [System.Collections.ArrayList]::new()

# The coma separate list of sending domains is available on the BullPhish website under the Guides & FAQ / Sending Domains section.
$Senders="example1.com","exapmle2.com"

# example organization 1 
# AppId - id of app created in Azure AD on 1-st step
# CertificateFilePath - path to generated certificate from step 1 with *.pfx extension.
# CertificatePassword - password used for creating *.pfx certificate.
# Organization - Microsoft organization domain under “onmicrosoft.com”
[void]$Configs.Add(@{
AppId="000000-0000-0000-0000-000000000000";
CertificateFilePath="path/to/cert1.pfx";
CertificatePassword="1234";
Organization="org1.onmicrosoft.com";
})

# example organization 2
[void]$Configs.Add(@{
AppId="11111111-1111-1111-1111-111111111111";
CertificateFilePath="path/to/cert2.pfx";
CertificatePassword="5678";
Organization="org2.onmicrosoft.com";
})

Step 4: The user will use the following command below to add it to the task schedule. 

powershell -ExecutionPolicy unrestricted -File "\Path\To\addSaveSenders_Revised.ps1" -ConfigPath=”Path\To\Config.ps1”

Command options: All these options are mentioned in the commands above. 

  • -File - its path to the uploaded script. 
    • example: "C:\Users\example.name\addSaveSenders_Revised.ps1"
  • -ConfigPath - the path to config.ps1 file created on the third step
    • example: "C:\Users\example.name\Config.ps1"

Step 5: Add to a scheduler (requires admin rules).

To create a task using advanced settings using the Task Scheduler, use the steps below:

1. Click the Start button on your Windows device.

2. Search for Task Scheduler, and click the top result to open the experience.

3. Right-click the "Task Scheduler Library" branch and select the New Folder option. 

image-20220927-082658.png

4. Provide a name for the folder. For example, MyTasks. (This step isn't a requirement, but it's a recommended step to keep your tasks separate from the system and apps tasks.)

5. Click OK.

6. Expand (double-click) the "Task Scheduler Library" branch and select the MyTasks folder.

7. Click the Action from the top menu bar.

8. Select the Create Task option.

image-20220927-082715.png

9. Click the General Tab

  • In the "Name" field, type a short descriptive name for the task. For example, PowerShell First Script.
  • (Optional) In the "Description" field, create a description for the task.
  • In the "Security options" section, you can configure which administrator account can run the task. Quick Tip: The default user should be exemplary if using an account with administrative privileges. Assume you're running a Command Prompt or PowerShell command; in this case, you can select the Run whether a user is logged on or not option to prevent the command window from showing up when the task runs automatically, as it's likely that using the Hidden option won't work.

image-20220927-082743.png

  • (Optional) Check the Run with the highest privileges option if the task requires elevated privileges.
  • The "Configure for" settings should be left alone unless you're required to use a different compatibility option.

image-20220927-082731.png

10. Click Triggers > New.

mceclip2.png

  • Select the On a schedule option from the "Begin the task" drop-down menu.
  • Using the "Start" settings, specify the date in which the task will be triggered. 
  • Select the Monthly option from the left side menu.
  • Use the "Months" drop-down menu to select the months the task will run.

image-20220927-082755.png

  • Use the "Days" or "On" drop-down menu to specify the days that the task will run.

image-20220927-082810.png

  • (Optional) In the "Advanced settings" section, you can select options to delay, repeat, stop, and expire a task. The Enabled option is checked by default (These settings should not be changed, unless necessary).
  • Click OK.

image-20220927-082908.png

11. Click Actions > New.

mceclip0.png

  • Use the "Action" drop-down menu and select the Start a program option. You can still use the Send an e-mail or Display a message option, but these are deprecated features, which means that they may or may not work because Microsoft is no longer maintaining them.
  • Under the "Settings" section, specify the application's path in the "Program/script" field. For example, powershell.
    • Quick Tip: If you don't know the path of the app, click the Browse button to find it. Also, if it's a general application like PowerShell or Command Prompt, you only need to specify the file name.

  • In the "Add arguments" field, specify the command. For example: -ExecutionPolicy unrestricted -File "\Path\To\addSaveSenders_Revised.ps1" -ConfigPath=”Path\To\Config.ps1

  • Click OK.

image-20220927-082942.png

12. Click the Conditions tab.

  • (Optional) The "Conditions" tab includes settings combined with the "Triggers" settings to determine when the task should run. (If you're creating a simple task, you don't need to modify these settings. However, you want to make sure the Power settings are configured to your requirements.)
  • Click OK.

image-20220927-082959.png

13. Click the Settings tab.

  • (Optional) The "Settings" tab includes additional options that will directly affect the behavior of the task. It's not a requirement to change these settings, but it's a good idea to check the following options:

    • Run the task as soon as possible after a scheduled start is missed.

    • If the task fails, restart every. (Use this option with the default selections.)

  • Click OK.
image-20220927-083019.png

For verification, if the script works correctly - you could run it manually by right-clicking on a task and selecting “Run.“

image-20221007-225110.png

After completing the steps, authenticate with your account credentials, and then the task will run automatically on schedule or event using the specified settings. 

Troubleshooting:

If you have errors, that cmdlet doesn’t exist - you need to update your PowerShell to the latest version.

Guide how to migrate from 5.1 PowerShell to 7:

https://learn.microsoft.com/en-us/powershell/scripting/whats-new/migrating-from-windows-powershell-51-to-powershell-7?view=powershell-7.2

 

 

Attachments

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section