If your organization uses Microsoft Defender for Endpoint, Microsoft Defender XDR, or other Microsoft Web Protection products, your employees may experience issues with loading our simulated phishing websites.
Either a red blocked screen or a small pop-up from Windows Defender may appear when attempting to load our simulated phishing websites.
Windows Defender Blocked Popup
Microsoft SmartScreen Blocked Screen
Access is blocked because of the category Microsoft has marked these domains under. To allowlist CanIPhish phishing websites, please follow the guide below.
Allowlisting CanIPhish Websites
It's possible to override the blocked category in web content filtering to allow a single site by creating a custom indicator policy. The custom indicator policy will supersede the web content filtering policy when it's applied to the device group in question.
To define a custom indicator, follow these steps:
- In the Microsoft Defender portal, go to Settings > Endpoints > Indicators > URL/Domain > Add Item. (Or click here - https://security.microsoft.com/securitysettings/endpoints/custom_ti_indicators?childviewid=url)
- One by one, enter the following CanIPhish phishing website domains with an expiration of your choosing, ensuring the "Allow" action is specified for all devices in your organization:
  - authwebmail.com
  - cmail31.com
  - securesupportcloud.com
  - webnotifications.net
  - alerting-services.com

Note: Alternatively, import this CSV allowlist to speed things up: https://caniphish.s3.ap-southeast-2.amazonaws.com/PublicCollateral/CanIPhish_Website_Allowlist_Indicators.csv
All done! It takes time for Microsoft to propagate these changes, so please wait 1-2 hours for this policy to take effect.
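The same five allow indicators can also be created through the Defender for Endpoint Indicators API instead of the portal. The script below is an added example, not CanIPhish's or Microsoft's code; the `MDE_TOKEN` environment variable, the 90-day default expiry and the title and description strings are assumptions, and the token must belong to an app registration permitted to write indicators.

```python
import json
import os
import re
import urllib.request
from datetime import datetime, timedelta, timezone

# Defender for Endpoint "submit indicator" endpoint.
API_URL = "https://api.securitycenter.microsoft.com/api/indicators"
# The five domains listed in this guide.
DOMAINS = ["authwebmail.com", "cmail31.com", "securesupportcloud.com",
           "webnotifications.net", "alerting-services.com"]
# Bare hostnames only: no scheme, path, port or wildcard.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def build_indicator(domain, days_valid=90, now=None):
    """Return the JSON body for one "Allowed" domain indicator."""
    domain = domain.strip().lower()
    if not _HOSTNAME.match(domain):
        raise ValueError(f"not a bare domain name: {domain!r}")
    expires = (now or datetime.now(timezone.utc)) + timedelta(days=days_valid)
    return {
        "indicatorValue": domain,
        "indicatorType": "DomainName",
        "action": "Allowed",
        "title": f"Phishing simulation allowlist: {domain}",  # constructed text
        "description": "Allow CanIPhish simulated phishing website",
        "expirationTime": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
    }


def submit(indicator, token):
    """POST one indicator and return the HTTP status code."""
    req = urllib.request.Request(
        API_URL, data=json.dumps(indicator).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status


if __name__ == "__main__":
    token = os.environ.get("MDE_TOKEN")  # assumed variable name
    for name in DOMAINS:
        body = build_indicator(name)
        # Without a token, print the payload for review instead of sending it.
        print(name, submit(body, token) if token else json.dumps(body))
```

Setting an explicit expiry keeps the allow entries from outliving the simulation campaign; rejecting anything that is not a bare hostname prevents an over-broad entry from being submitted by mistake.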