ANAND_SUNKA
Copper Contributor
Oct 24, 2021

Advanced Delivery for third party phishing attack scenario

Hello MSFT Team,

Normally every quarter we run the third-party phishing attack simulator in the organization to educate the end users, but this time all the phishing test emails are getting quarantined and marked as high phishing.

After searching on Google, I found the link below on using the O365 advanced delivery policy for third-party phishing. In the advanced delivery policy we have added:

Domain : added sending domain
Sending IP : added sending IP
Simulation URLs to allow : added simulation URLs as well

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-advanced-delivery?view=o365-worldwide&source=docs


I followed the above MSFT blog and added the rule successfully, but the test phishing emails are still getting quarantined and marked as high phish.

But one thing we have observed is that the third-party phishing simulator is hosted on amazonses.com and the sending domain is different, but we have added only the sending domain.

Do I need to add the amazonses.com domain as well in the advanced delivery policy?

Please can someone shed some light on it, as I have searched a lot of blogs on the advanced delivery policy but found nothing.

Any help is really appreciated.

Regards

Anand Sunka

  • The Microsoft Defender for Office (MDO) Advanced Deployment Guide in the M365 Admin Center has configuration steps that cover this Attack Simulator topic area.

    In addition to covering this Attack Simulator topic area, the MDO Advanced Deployment Guide also covers Licensing, Safe Links, Safe Attachments, and Threat Tracker configuration and deployment topics.

    Please note that you will need to have Tenant Admin login permissions to the M365 Admin Center to view the MDO Advanced Deployment Guide.

  • Hi ANAND_SUNKA, please open a support case so that our engineering team can investigate further, look at the configuration of your tenant and provide our recommendation here.

    • ANAND_SUNKA
      Copper Contributor
      Hi Sundeep_Saini,
      Thanks for the reply.
      I have resolved the issue by looking at the 5321.fromaddress and whitelisting that address, and the issue got resolved.

      But now we are facing a different issue, with URLs getting blocked by the ATP policies.
      I have whitelisted the URLs in Advanced delivery as well as in the ATP Safe Links policy.
      But still no luck.

      Why are the URLs whitelisted in Advanced delivery not working?
      Any help is really appreciated.


      Regards
      Anand Sunka
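The 5321 sender check described in the reply above can be done from a quarantined message's headers. This is an added example, not code from the thread or from Microsoft; the headers are constructed, `phishsim.example` and the 192.0.2.x address are placeholders, and the matching rule in `would_match` (MAIL FROM or DKIM domain listed, and source IP listed) is an assumption taken from the linked advanced delivery documentation.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from the thread): a simulation relayed
# through Amazon SES, so the envelope sender differs from the visible From.
SAMPLE = """\
Return-Path: <0100017c-bounce@amazonses.com>
Received-SPF: pass (domain of amazonses.com designates 192.0.2.25 as permitted sender) client-ip=192.0.2.25;
DKIM-Signature: v=1; a=rsa-sha256; d=amazonses.com; s=sel1; bh=x; b=y
From: IT Helpdesk <helpdesk@phishsim.example>
Subject: Password expiry notice

Constructed body.
"""

def domain_of(header_value):
    """Domain part of the address in a header value, lowercased."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def identities(raw):
    """Pull out the identities a mail filter can match on."""
    msg = message_from_string(raw)
    dkim = []
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"\bd=([^;\s]+)", sig)
        if m:
            dkim.append(m.group(1).lower())
    ip = re.search(r"client-ip=([0-9A-Fa-f.:]+)", msg.get("Received-SPF", ""))
    return {
        "mailfrom": domain_of(msg.get("Return-Path")),  # 5321.MailFrom
        "from": domain_of(msg.get("From")),             # 5322.From
        "dkim": dkim,
        "client_ip": ip.group(1) if ip else None,
    }

def would_match(raw, domains, ip_ranges):
    """Assumed rule: (MAIL FROM or DKIM domain listed) AND (source IP listed)."""
    ids = identities(raw)
    listed = {d.lower() for d in domains}
    domain_ok = ids["mailfrom"] in listed or any(d in listed for d in ids["dkim"])
    ip_ok = ids["client_ip"] is not None and any(
        ipaddress.ip_address(ids["client_ip"]) in ipaddress.ip_network(r)
        for r in ip_ranges)
    return domain_ok and ip_ok
```

Listing only the visible From domain fails here because neither the envelope sender nor the DKIM signature carries it. When the envelope domain belongs to a shared relay, the sending IP entry is what narrows the match to the simulation vendor.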
