IP/Domain Whitelist in Microsoft 365

Note: Please contact Sophos Professional Services if you require direct assistance with your specific environment.

To ensure successful delivery of Phish Threat emails and completion of Phish Threat campaigns, follow these steps to make necessary changes in Microsoft's Advanced delivery settings.

In Microsoft 365 admin center, go to ‘Security’

Then, under ‘Policies and Rules’, go to ‘Threat Policies’

Click on ‘Advanced delivery’ and then ‘Phishing simulation’

Under Phishing simulation, make the following additions:

Added notes (31-Aug-2022):

Based on the latest tests, we have seen that in some cases with Mailflow configurations, Microsoft still blocks some of the phish simulations emails. To mitigate this, the Sophos IP ranges for the respective regions must be added under Advanced Delivery in M365 admin centre (screenshot above).

The link below has the list of Sophos IP ranges for different regions. You should add only the range specific to your respective regions.

https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/EmailSecurity/EmailDomainInfo/index.html#MFDomains

Removed KB
[edited by: emmosophos at 12:22 AM (GMT -8) on 28 Jan 2023]

Top Replies

Jason Bristow over 1 year ago in reply to Jason Bristow +1

How did you go about adding all of the domains for whitelisting? You can only add up to 20 domains and you must have at least one. Do all of the domains need to be on the list as well as the IP's? cloud…

Parents

Phill Wade over 1 year ago

I have completed what is suggested here, however, Defender for Safe Links is still blocking the URL for awstrack.me. Has anyone else had this issue and found a fix? I have also logged a support case with Microsoft.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
Michael Schneider over 1 year ago in reply to Phill Wade

Did u get this fixed ? I cannot get Safe Links not to block the urls.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Reply

Michael Schneider over 1 year ago in reply to Phill Wade

Did u get this fixed ? I cannot get Safe Links not to block the urls.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Children

Phill Wade over 1 year ago in reply to Michael Schneider

Sorry for not replying to you sooner - yes, we eventually got this working. In the Microsoft Security Centre > Email & Collaboration > Policies & Rules > Threat Policies > Advanced Delivery > Phishing Simulation - we had to enter the "Simulation URL's to allow" in the following format:

www.linkedn.co/*
www.shipping-updates.com/*

It does not work without the /* at the end, which was the suggestion from our Microsoft Support case. It does mean that we need to go in and check/add the URL each time, depending on the campaign, as we can only add up to 20 simulation URL's.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel