To ensure CanIPhish can effectively simulate phishing campaigns, you will need to allowlist our emails. We highly recommend this method for allowlisting as it's been explicitly created by Microsoft for the purpose of conducting phishing simulations.
Note: If you find that website links are being re-written and lead to a "suspicious website" page after allowlisting, your organisation may need to add additional attachment and URL exemptions. To enable these exemptions please see our support article: Allowlisting - Bypass Safe Link/Attachment Processing of M365 Advanced Threat Protection (ATP)
Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy
1. Login to Microsoft 365 Defender at the following link to go straight to the Phishing Simulation allowlisting form: https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation
Note: This form can also be accessed by going to https://security.microsoft.com/ and clicking through Email & Collaboration > Policies & Rules > Threat Policies > Advanced Delivery > Phishing Simulation
2. Click Edit or If there are no configured phishing simulations, click Add.
3. On the Edit third-party phishing simulation flyout that opens, configure the following settings:
- Sending Domain:
- Sending IP:
- Simulation URLs to allow:
Note: All the above domains and IP addresses are under the sole control of CanIPhish. As such we can ensure that no unintended emails will originate from these IPs and domains after allowlisting occurs.
4. When you're finished, click Add/Save and then click Close.
Note: Allowlisting may take up to an hour to take effect.
All done! Allowlisting can be tricky... should you have any difficulties, please don't hesitate to contact us.