IP/Domain Whitelist in Microsoft 365

Note: Please contact Sophos Professional Services if you require direct assistance with your specific environment.

To ensure successful delivery of Phish Threat emails and completion of Phish Threat campaigns, follow these steps to make necessary changes in Microsoft's Advanced delivery settings.

In Microsoft 365 admin center, go to ‘Security’

 

Then, under ‘Policies and Rules’, go to ‘Threat Policies’

 

Click on ‘Advanced delivery’ and then ‘Phishing simulation’

Under Phishing simulation, make the following additions:


Added notes (31-Aug-2022):
Based on the latest tests, we have seen that in some cases with mail flow configurations, Microsoft still blocks some of the phishing simulation emails. To mitigate this, the Sophos IP ranges for the respective regions must be added under Advanced delivery in the M365 admin center (screenshot above).
The link below has the list of Sophos IP ranges for different regions. You should add only the range specific to your region.


Removed KB
[edited by: emmosophos at 12:22 AM (GMT -8) on 28 Jan 2023]
  • Just to be fair: we had a meeting today with Sophos and followed all the steps.

    They told us that the settings described above do not work and are not needed.

    We used the script from "Aaron Jacobs", who they said is a Sophos employee, to configure our tenant.

    OWA still blocks the Safe Links, and neither we nor they had any idea why.

    For now we are still on hold and will wait until Monday to see if there is some Exchange Online magic that will happen :)

  • Hi Michael,

    Yep, am a Sophos employee but should clarify this is not a Sophos script. I was an MSP/partner before joining Sophos, and we made this script up after a lot of issues getting Phish Threat going around Safe Links, and what I will call "well configured" M365/Defender/Exchange Online Protection policies. As far as I am aware, the script is still being used successfully today by my old MSP.

    I assume you looked over the script and modified it to suit, but you will note it's making some transport rules, it has an array of domains to be excluded for Safe Links, and it creates a Safe Links Policy. 

    It also adds some AntiPhish domain exclusions, and some AntiPhish email address policies.

    Finally, it adds the domains in the Hosted Content Filter Policy.

    I troubleshooted this for a long time, and it was not until we did all of these things that Microsoft would actually leave the emails alone, based on how we had configured M365. In case it helps, they were largely based around the recommendations from https://www.itpromentor.com/

    I'd suggest looking over the script, making sure the IP addresses in there and domains match whatever PhishThreat is telling you to exclude today, look for errors when you ran the script, and double check that what the script is setting, actually did get applied (and doesn't conflict with anything else you already have configured).

    Let me know how you get on and I can check in to see if this script is still working as planned for my old MSP.

    All the best,
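
The advice in the reply above, to double-check that what was set actually got applied, can be carried out with a read-only audit such as the one below. This is an added example, not the script discussed in the thread and not Sophos code; the domain and IP range are placeholders to replace with the values Phish Threat currently lists, and the comparison is an exact string match, so wildcard-style entries will show up as differences to review by hand.

```powershell
# Read-only audit of phishing-simulation exemptions in Exchange Online.
# Assumes the ExchangeOnlineManagement module and an existing session
# (Connect-ExchangeOnline). Nothing here changes tenant configuration.
$ExpectedDomains  = @('phish-sim.example.com')   # placeholder, not a real Sophos domain
$ExpectedIpRanges = @('192.0.2.0/24')            # placeholder (documentation range)

function Compare-Allowlist {
    # Hypothetical helper: reports expected entries that are missing and
    # configured entries that were not expected (exemptions nobody asked for).
    param([string]$Setting, [string[]]$Expected, [string[]]$Actual)
    $exp = @($Expected | Where-Object { $_ } | ForEach-Object { $_.ToLower() })
    $act = @($Actual   | Where-Object { $_ } | ForEach-Object { $_.ToLower() })
    [pscustomobject]@{
        Setting    = $Setting
        Missing    = @($exp | Where-Object { $_ -notin $act }) -join ', '
        Unexpected = @($act | Where-Object { $_ -notin $exp }) -join ', '
    }
}

$report = @()

# Advanced delivery > Phishing simulation (the setting from the steps above)
$rules = @(Get-ExoPhishSimOverrideRule)
if ($rules.Count -eq 0) {
    $report += Compare-Allowlist 'PhishSim override rule (none found)' $ExpectedDomains @()
}
foreach ($r in $rules) {
    $report += Compare-Allowlist "PhishSim '$($r.Name)' Domains" $ExpectedDomains $r.Domains
    $report += Compare-Allowlist "PhishSim '$($r.Name)' SenderIpRanges" $ExpectedIpRanges $r.SenderIpRanges
}

# Safe Links "do not rewrite" entries
foreach ($p in @(Get-SafeLinksPolicy)) {
    $report += Compare-Allowlist "SafeLinks '$($p.Name)' DoNotRewriteUrls" $ExpectedDomains $p.DoNotRewriteUrls
}

# Anti-phishing domain exclusions
foreach ($p in @(Get-AntiPhishPolicy)) {
    $report += Compare-Allowlist "AntiPhish '$($p.Name)' ExcludedDomains" $ExpectedDomains $p.ExcludedDomains
}

# Anti-spam (hosted content filter) allowed sender domains
foreach ($p in @(Get-HostedContentFilterPolicy)) {
    $report += Compare-Allowlist "AntiSpam '$($p.Name)' AllowedSenderDomains" $ExpectedDomains $p.AllowedSenderDomains
}

$report | Format-Table -AutoSize -Wrap
```

Rows with a non-empty `Unexpected` column are exemptions beyond the simulation sender and deserve the same scrutiny as the missing ones, since each is a standing bypass of filtering.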
