To ensure CanIPhish can effectively simulate phishing campaigns, you will need to allowlist our emails. We highly recommend this method for allowlisting as it's been explicitly created by Microsoft for the purpose of conducting phishing simulations.
Note: If you find that website links are being rewritten and lead to a "suspicious website" page after allowlisting, your organisation may need to add additional attachment and URL exemptions. To enable these exemptions, please see our support article: Allowlisting - Bypass Safe Link/Attachment Processing of M365 Advanced Threat Protection (ATP)
Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy
Note: Prefer to use PowerShell? Use our prepared script
1. Log in to Microsoft 365 Defender at the following link to go straight to the Phishing Simulation allowlisting form: https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation
Note: This form can also be accessed by going to https://security.microsoft.com/ and clicking through Email & Collaboration > Policies & Rules > Threat Policies > Advanced Delivery > Phishing Simulation
2. Click Edit or, if there are no configured phishing simulations, click Add.
3. On the Edit third-party phishing simulation flyout that opens, configure the following settings:
Sending Domain:
Note: If you've white-labeled CanIPhish, replace learn.caniphish.com with the learner portion of your white-labeled domain (e.g. learn.phish.mybusiness.com). Under rare circumstances, if allowlisting is not functioning, you may need to allowlist simulation.caniphish.com and outbound.caniphish.com.
alerting-services.com
authwebmail.com
cloud-notification-services.com
securesupportcloud.com
office-365-notifications.com
webnotifications.net
paypaypal.net
cmail31.com
learn.caniphish.com (Optional)
simulation.caniphish.com (Optional)
outbound.caniphish.com (Optional)
Sending IP:
3.106.21.22
13.237.47.221
Simulation URLs to allow:
authwebmail.com/*
*.authwebmail.com/*
cmail31.com/*
*.cmail31.com/*
securesupportcloud.com/*
*.securesupportcloud.com/*
webnotifications.net/*
*.webnotifications.net/*
alerting-services.com/*
*.alerting-services.com/*
Note: All the above domains and IP addresses are under the sole control of CanIPhish. As such we can ensure that no unintended emails will originate from these IPs and domains after allowlisting occurs.
4. When you're finished, click Add/Save and then click Close.
Note: Allowlisting may take up to an hour to take effect.
All done! Allowlisting can be tricky... should you have any difficulties, please don't hesitate to contact us.
Troubleshooting: If emails continue to go to spam/quarantine folders, you may have Microsoft Advanced Threat Protection (ATP) enabled, which may require additional allowlisting. Please see our guide here to Bypass Safe Link/Attachment Processing of M365 ATP.
If issues still continue, try out our Microsoft 365 Direct Email Injection integration which bypasses the need for allowlisting.
PowerShell Allowlisting Script
Want to automate the deployment of CanIPhish allowlisting? Use our prepared PowerShell script below.
# CanIPhish - Allowlisting - Use M365 Defender to allow a Phishing Simulation
# https://help.caniphish.com/hc/en-us/articles/4407031804687-Allowlisting-Use-M365-Defender-to-allow-a-Phishing-Simulation
# Run in a connected session where these cmdlets are available (ExchangeOnlineManagement module).
# Create the phishing simulation override policy, then confirm it exists.
New-PhishSimOverridePolicy -Name PhishSimOverridePolicy
Get-PhishSimOverridePolicy
# Attach a rule listing the CanIPhish sending domains and sending IP addresses.
New-ExoPhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains alerting-services.com,authwebmail.com,cloud-notification-services.com,securesupportcloud.com,office-365-notifications.com,webnotifications.net,paypaypal.net,cmail31.com,learn.caniphish.com,simulation.caniphish.com,outbound.caniphish.com -SenderIpRanges 3.106.21.22,13.237.47.221
# Allow the simulation URLs as advanced delivery entries that do not expire.
New-TenantAllowBlockListItems -Allow -ListType Url -ListSubType AdvancedDelivery -Entries authwebmail.com/*,*.authwebmail.com/*,cmail31.com/*,*.cmail31.com/*,securesupportcloud.com/*,*.securesupportcloud.com/*,webnotifications.net/*,*.webnotifications.net/*,alerting-services.com/*,*.alerting-services.com/* -NoExpiration
# Display the rule to confirm the domains and IP addresses were applied.
Get-ExoPhishSimOverrideRule
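Because advanced delivery entries bypass filtering, it is worth confirming that the tenant holds the entries listed in this article and nothing else. The read-only check below is an added example, not part of CanIPhish's script; the function name Compare-AllowList is hypothetical, and it assumes a session where both Get- cmdlets are available and that their output exposes the properties Domains, SenderIpRanges and Value.

```powershell
# Added example, not CanIPhish's script. Values are copied from the article above.
# Assumption: rule objects expose Domains and SenderIpRanges, and URL entries
# expose Value; adjust the property names if your module version differs.
$expectedDomains = @(
    'alerting-services.com', 'authwebmail.com', 'cloud-notification-services.com',
    'securesupportcloud.com', 'office-365-notifications.com', 'webnotifications.net',
    'paypaypal.net', 'cmail31.com'
)
# Listed as optional in the article, so their absence is not reported as drift.
$optionalDomains = @('learn.caniphish.com', 'simulation.caniphish.com', 'outbound.caniphish.com')
$expectedIps = @('3.106.21.22', '13.237.47.221')
$expectedUrls = @(
    'authwebmail.com/*', '*.authwebmail.com/*', 'cmail31.com/*', '*.cmail31.com/*',
    'securesupportcloud.com/*', '*.securesupportcloud.com/*', 'webnotifications.net/*',
    '*.webnotifications.net/*', 'alerting-services.com/*', '*.alerting-services.com/*'
)

function Compare-AllowList {
    param(
        [string]$Setting,
        [string[]]$Expected,
        [object[]]$Actual,
        [string[]]$Optional = @()
    )
    # Normalise to lower-case strings; a /32 suffix on a single IP is treated as equal.
    $act = @($Actual | Where-Object { $_ } |
        ForEach-Object { "$_".Trim().ToLowerInvariant() -replace '/32$', '' })
    [pscustomobject]@{
        Setting    = $Setting
        Missing    = @($Expected | Where-Object { $_ -notin $act })
        Unexpected = @($act | Where-Object { $_ -notin ($Expected + $Optional) })
    }
}

$rule = Get-ExoPhishSimOverrideRule
$urls = Get-TenantAllowBlockListItems -ListType Url -ListSubType AdvancedDelivery

$report = @(
    Compare-AllowList 'Sending domains' $expectedDomains $rule.Domains $optionalDomains
    Compare-AllowList 'Sending IPs' $expectedIps $rule.SenderIpRanges
    Compare-AllowList 'Simulation URLs' $expectedUrls $urls.Value
)
$report | Format-List
if ($report | Where-Object { $_.Missing -or $_.Unexpected }) {
    Write-Warning 'Advanced delivery entries differ from the documented CanIPhish values.'
}
```

An entry under Unexpected is a domain, IP or URL that bypasses filtering but is not listed in this article, and should be reviewed before it is left in place.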
Comments
2 comments
Good day sir! Please, I'm unable to sign in with Microsoft 365 Defender and I don't know what's wrong with it. Please help me out.
Hi Ottogary,
Thanks for reaching out. Could I please confirm what subscription you have with Office 365 (e.g. E1, E3, E5 license, etc.)?
Regards,
Sebastian