Forum Discussion
Attack Simulation Phishing Tool - IP whitelist
The list of URLs is here: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide
It hasn't changed for some time. I can't say I recollect looking at the name-to-IP resolution. You need to make sure that any third-party web proxy or next-generation firewall you have does not block the URLs you chose for your payloads.
Of course, if your users get very competitive about their results (or even routinely do a thorough job of checking, heaven be praised, a minor miracle) then they may find that Learn page with a Search.
Thanks for the response. I may have been unclear in my original message. What I'm looking for is the IP's that the emails will be originating from, not the URL's in the payload/simulation. If our security tools flag the emails from the microsoft attack simulation phishing tool as malicious, I'd like to whitelist the IP's that the emails originate from.
- There won't be any source IP addresses. The simulated phishes are written directly into the recipient mailboxes. There is no conventional delivery process.
For numerous reasons, you should run a preliminary test just phishing yourself or a very small number of trustworthy colleagues. This will allow you to confirm that the delivery is indeed "invisible". You can also check that your landing zone and notifications work correctly, that your payload URLs are not suddenly blocked and that any remedial training you may have specified is presented correctly.- Ok great, yes we have run successful preliminary phishing tests. I figured this was going to be some sort of direct delivery vs a "traditional" phishing tool that sends from mail servers outside of the network. Thanks for the info.
By chance is there any documentation that gets into the weeds on how the phishing tool orchestrates these tasks (white papers etc?). Thanks again.