IP/Domain Whitelist in Microsoft 365

Note: Please contact Sophos Professional Services if you require direct assistance with your specific environment.

To ensure successful delivery of Phish Threat emails and completion of Phish Threat campaigns, follow these steps to make necessary changes in Microsoft's Advanced delivery settings.

In Microsoft 365 admin center, go to ‘Security’

 

Then, under ‘Policies and Rules’, go to ‘Threat Policies’

 

Click on ‘Advanced delivery’ and then ‘Phishing simulation’

Under Phishing simulation, make the following additions:


Added notes (31-Aug-2022):
Based on the latest tests, we have seen that in some cases with Mailflow configurations, Microsoft still blocks some of the phish simulations emails. To mitigate this, the Sophos IP ranges for the respective regions must be added under Advanced Delivery in M365 admin centre (screenshot above).
The link below has the list of Sophos IP ranges for different regions. You should add only the range specific to your respective regions.


Removed KB
[edited by: emmosophos at 12:22 AM (GMT -8) on 28 Jan 2023]
Parents
  • Just to be fair. We had a meeting today with Sophos and follows all the steps.

    They told us, that this settings described above does not work and are not needed.

    We used the Script from "Aaron Jacobs" who they said is a Sophos Employee to configure our tentant.

    OWA still blocks the Safe Links and we and they had now idea.

    For now we are still on hold and wait until monday if there is some exchange online magic that will happen :)

  • Hi Michael,

    I think I have the same issues like you, Did you find a fix together with Sophos till now?

    I tried everything in Office365 from normal transport rules with SPAM filtering set to -1 to a whole new phishing campaign policy but even the test e-mails are still marked as spam.  I entered every IP address for my region which they marked on their website as well (besides the two 54er ones which are marked in the Phish Threat campaign in Sophos Central) but till now I was unable to fix that. 

  • No sorry, i still do not have a solution for OWA. OWA runs into safe links whatever i do.

  • Hi again, 

    after a few discussions with Sophos.... only Microsoft could help and I can gladly say that together with Mr. David Kreid from Microsoft Exchange Support I solved the problem today. 

    We expanded the IP range of the phishing simulation to 94.140.18.200-94.140.18.254 for the German region and added all domains which Sophos mentions in their sending domains and IP's list in Sophos Central as URLs!!

    For example we added the mail-sender.online as an URL using ~mail-sender.online~ after this I finally received my test phishing mail. 

    Maybe this works for you too!

Reply
  • Hi again, 

    after a few discussions with Sophos.... only Microsoft could help and I can gladly say that together with Mr. David Kreid from Microsoft Exchange Support I solved the problem today. 

    We expanded the IP range of the phishing simulation to 94.140.18.200-94.140.18.254 for the German region and added all domains which Sophos mentions in their sending domains and IP's list in Sophos Central as URLs!!

    For example we added the mail-sender.online as an URL using ~mail-sender.online~ after this I finally received my test phishing mail. 

    Maybe this works for you too!

Children