IP/Domain Whitelist in Microsoft 365

Note: Please contact Sophos Professional Services if you require direct assistance with your specific environment.

To ensure successful delivery of Phish Threat emails and completion of Phish Threat campaigns, follow these steps to make the necessary changes in Microsoft's Advanced delivery settings.

In the Microsoft 365 admin center, go to ‘Security’


Then, under ‘Policies and Rules’, go to ‘Threat Policies’


Click on ‘Advanced delivery’ and then ‘Phishing simulation’

Under Phishing simulation, make the following additions:

Added notes (31-Aug-2022):
Based on the latest tests, we have seen that in some cases with mail flow configurations, Microsoft still blocks some of the phishing simulation emails. To mitigate this, the Sophos IP ranges for the respective regions must be added under Advanced delivery in the M365 admin centre (screenshot above).
The link below has the list of Sophos IP ranges for different regions. Add only the range specific to your region.

Removed KB
[edited by: emmosophos at 12:22 AM (GMT -8) on 28 Jan 2023]
  • You don't need to add all the domains. MSFT limits it to 20 domains. In my discussions with Microsoft, they recommend using the DKIM domain, which is the amazonses.com domain, along with the IPs listed and URLs, which should provide adequate coverage. I will say nothing is for certain with M365, as there have been cases where we see some blocked and some not.
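
As an added example (not from the original post, the reply, or Sophos), the following Python reads the Authentication-Results header that Microsoft 365 stamps on a received message and reports whether the sending IP and the MAIL FROM or DKIM domain are both on your Advanced delivery list, which helps when some simulation emails are blocked and others are not. The 192.0.2.0/24 range, the sample headers and the name `check_headers` are constructed; it assumes exact domain matching and that a message needs one listed domain and one listed sending IP.

```python
import ipaddress
import re
from email import message_from_string

# amazonses.com is the DKIM domain named on this page. The CIDR is a
# documentation range standing in for the Sophos range of your region.
ALLOWED_DOMAINS = {"amazonses.com"}
ALLOWED_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample headers in the Authentication-Results layout M365 writes.
SAMPLE_LISTED_IP = """\
Authentication-Results: spf=pass (sender IP is 192.0.2.25)
 smtp.mailfrom=bounce.example.net; dkim=pass (signature was verified)
 header.d=amazonses.com; dmarc=none action=none header.from=example.net
Subject: constructed sample

"""
SAMPLE_OTHER_IP = SAMPLE_LISTED_IP.replace("192.0.2.25", "198.51.100.7")


def check_headers(raw_headers):
    """Report whether a message matches the listed sending IPs and domains.

    Assumption: a message qualifies only when the sending IP and at least one
    of the MAIL FROM / DKIM domains are both listed; domains match exactly.
    """
    msg = message_from_string(raw_headers)
    results = " ".join(msg.get_all("Authentication-Results", []))
    ip_match = re.search(r"sender IP is ([0-9A-Fa-f:.]+)", results)
    found = re.findall(r"(?:smtp\.mailfrom|header\.d)=([^\s;]+)", results)
    domains = {value.lower().split("@")[-1] for value in found}
    ip_listed = False
    if ip_match:
        try:
            ip = ipaddress.ip_address(ip_match.group(1))
            ip_listed = any(ip in net for net in ALLOWED_RANGES)
        except ValueError:
            pass  # malformed address in the header: treat as not listed
    domain_listed = bool(domains & ALLOWED_DOMAINS)
    return {
        "sender_ip": ip_match.group(1) if ip_match else None,
        "ip_listed": ip_listed,
        "domains": sorted(domains),
        "domain_listed": domain_listed,
        "matches": ip_listed and domain_listed,
    }


if __name__ == "__main__":
    for name, sample in (("listed IP", SAMPLE_LISTED_IP), ("other IP", SAMPLE_OTHER_IP)):
        print(name, check_headers(sample))
```

Paste the headers of a blocked simulation message into `check_headers` with your own domains and ranges; a result with `domain_listed` true and `ip_listed` false points at a missing IP range rather than a missing domain.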