Conducting a successful security awareness campaign requires full, uninterrupted delivery of the phishing simulation emails to all recipients.
This guide will outline the necessary settings to modify in Microsoft Defender to make sure the simulation emails will be delivered and not quarantined by Defender or sent to “Junk”.
Navigating to “threat policies”
First, log into the O365 security portal.
Then, select “Policies & rules” from the left side navigation, and click on “Threat policies“.
Creating new phishing simulation identities
In the “Advanced delivery” section, click on the “Phishing Simulation” tab and then click on “Add“.
Adding the Trustifi values
Under “Domain” add the following: p.trustifisimulation.com
Under “Sending IP” add the Trustifi simulation IPs: 3.227.182.193 and 54.161.96.109
To finish, click on “Add“.
Navigating to “Mail flow rules”
If you are using the Trustifi inbound relay, you will need to add the Trustifi simulation IPs as an exception in the Trustifi inbound mail flow rule.
First, open the Exchange Admin Center and navigate to the Mail Flow Rules page.
Editing the Trustifi inbound rule
Find the mail flow rule for the Trustifi inbound relay, click on it, and then click on “Edit rule conditions”.
Modifying the rule exception IPs
Scroll down to the bottom of the rule conditions and find the IP-based exception.
Now click on the pencil icon next to the IPs to modify them.
Adding the Trustifi simulation IPs
Add the Trustifi simulation IPs to the exception IP list (54.161.96.109 and 3.227.182.193) and click on “Save“.