Whitelisting Human Risk Module IPs and Domains in Microsoft 365 (O365)

Ensuring that phishing simulations and security awareness training emails reach your users without being blocked is essential for an effective cybersecurity program. Microsoft 365 (O365) security filters may mistakenly classify these emails as spam or phishing attempts. To prevent this, you need to whitelist specific IP addresses and domains within Exchange and the Microsoft 365 Security Portal.

By following this guide, you will:
Ensure phishing simulations and security training emails reach users' inboxes.
Prevent important security awareness messages from being marked as spam.
Improve the effectiveness of your cybersecurity training initiatives.

Step 1: Whitelisting IP Addresses and Domains in Exchange Admin Center

1. Log in to Exchange Admin Center

• Go to Exchange Admin Center.

• Sign in with your administrator credentials.

2. Create a Whitelisting Rule in Mail Flow

1. Navigate to Mail Flow > Rules.

2. Click on Add Rule > Create Rule.

3. Enter the rule name: Hoplon Whitelisting.

4. Configure the rule conditions as follows:

   Condition 1: Whitelist by IP Address

   • Under Apply this rule if, select The sender.

   • Choose IP address is in any of these ranges or exactly matches.

   • Enter the following IP addresses:

     • 198.21.6.191

     • 168.245.56.242

     • 99.80.168.14

5. Set the Action:

   • Under Do the following, choose Modify the message properties.

   • Select Set the spam confidence level (SCL) and set it to Bypass spam filtering.

6. Configure the rule conditions as follows:

   Condition 2: Whitelist by Domain

   • Click Add condition.

   • Under Apply this rule if, select The sender.

   • Choose Domain is and enter the domains:

     • leocybsec.com

     • user-training.com

7. Set the Action:

   • Under Do the following, choose Modify the message properties.

   • Select Set the spam confidence level (SCL) and set it to Bypass spam filtering.

8. Click Save to apply the rule.

This configuration ensures that emails from the specified IPs and domains bypass spam filters and reach users' inboxes

Step 2: Whitelisting Domains in Microsoft 365 Security Portal

1. Log in to the Microsoft 365 Security Portal

• Go to Microsoft 365 Security Portal.

• Sign in with your administrator credentials.

2. Modify Anti-Spam Policies

1. Expand Email & Collaboration in the left sidebar.

2. Navigate to Policies & rules > Threat Policies > Anti-spam.

3. Select the Inbound policy that you are using.

4. Locate the Allowed and blocked senders and domains section.

5. Click on Edit allowed and blocked senders and domains.

6. Under Allow domains, enter the following:

   • user-training.com

   • leocybsec.com

   • hoplon.user-training.com

7. Click Save to apply the changes.

Final Thoughts

By implementing these whitelisting rules in Exchange and the Microsoft 365 Security Portal, you ensure that security awareness training emails and phishing simulations are effectively delivered to users. This prevents unnecessary filtering and supports a strong cybersecurity culture within your organization.

If you need further assistance, let us know!