drathbo15
Copper Contributor
Feb 15, 2023

Attack Simulation Phishing Tool - IP whitelist

I'm trying to find IPs or domains to whitelist when using the Attack Simulation Phishing Tool. We currently use Proofpoint but are planning to move into O365/Exchange Online. Would a whitelist for MS's own simulation tool be needed once we move away from Proofpoint?

  • ExMSW4319
    Steel Contributor

    The list of URLs is here: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide

    It hasn't changed for some time. I can't say I recollect looking at the name-to-IP resolution. You need to make sure that any third-party web proxy or next-generation firewall you have does not block the URLs you chose for your payloads.

    Of course, if your users get very competitive about their results (or even routinely do a thorough job of checking, heaven be praised, a minor miracle) then they may find that Learn page with a Search.

    • drathbo15
      Copper Contributor

      ExMSW4319

      Thanks for the response. I may have been unclear in my original message. What I'm looking for is the IPs that the emails will be originating from, not the URLs in the payload/simulation. If our security tools flag the emails from the Microsoft attack simulation phishing tool as malicious, I'd like to whitelist the IPs that the emails originate from.

      • ExMSW4319
        Steel Contributor
        There won't be any source IP addresses. The simulated phishes are written directly into the recipient mailboxes. There is no conventional delivery process.

        For numerous reasons, you should run a preliminary test just phishing yourself or a very small number of trustworthy colleagues. This will allow you to confirm that the delivery is indeed "invisible". You can also check that your landing zone and notifications work correctly, that your payload URLs are not suddenly blocked and that any remedial training you may have specified is presented correctly.
