Forum Discussion

Guilguil's avatar
Guilguil
Copper Contributor
Apr 13, 2023

Third-party phishing simulation configuration not working?

Hello,

 

I'm trying to set up the whitelist for a phishing simulation using a third-party service and have followed this : https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide#use-the-microsoft-365-defender-portal-to-configure-third-party-phishing-simulations-in-the-advanced-delivery-policy

The sending domain, IP, and phishing URLs are configured properly.

 

In the Explorer, when I look at the email, the "Primary Override : Source" does say "Allowed by organization policy : Phishing Simulation", and the URL are flagged as "Threat: Spam" but also have "Details:

URL allowed by tenant policy" which seems normal.
I have also added the URLs to the Safe Links configuration.
However, whenever I click on the link in the emails, I get blocked by the Safe Links protection. How come both the Phishing simulation and the Safe Links whitelisting do not prevent that URL from being scanned and blocked? Have I missed something?
 
To clarify, what I want is for my phishing simulation emails (and the URLs included) not to get scanned, filtered or replaced at all.
Thanks
microsoft defender for office 365

3 Replies

Sort By
  • tbhellaz's avatar
    tbhellaz
    Copper Contributor
    Feb 05, 2024

    Guilguil Any solution here?

    We are in the same situation right now.

     

    I can add Domains and IPs and also click "save" but after that, it doesnt add anything.

    • keenanbrooks's avatar
      keenanbrooks
      Brass Contributor
      Feb 05, 2024

      Hi tbhellaz 

      So it sounds like the email is getting through but the link is still triggering Windows Smartscreen via safelinks. Could you try going to security.microsoft.com > Settings > Endpoints. Within here you will see "Indicators" under the rule menu. Here you will see an option of "URLs/Domains" in which you will add your domain with the "Allow" action. This sync can take a while in my experience, clear cookies a few times and see if this helps.

      • tbhellaz's avatar
        tbhellaz
        Copper Contributor
        Feb 05, 2024

        keenanbrooks Hi, thanks for answereing.

        No, thats not what happening.

         

        What i want to do is use the third party phising simulation config.

        I an trying to add domains and ips. I can add them in the setup but when i click save it doesnt save anything.

         

        Cant describe it much better, its the same problem the TE has.

         

Resources