Third-party phishing simulation configuration not working?

New Contributor



I'm trying to set up the whitelist for a phishing simulation using a third-party service and have followed this :

The sending domain, IP, and phishing URLs are configured properly.


In the Explorer, when I look at the email, the "Primary Override : Source" does say "Allowed by organization policy : Phishing Simulation", and the URL are flagged as "Threat: Spam" but also have "Details:

URL allowed by tenant policy" which seems normal.
I have also added the URLs to the Safe Links configuration.
However, whenever I click on the link in the emails, I get blocked by the Safe Links protection. How come both the Phishing simulation and the Safe Links whitelisting do not prevent that URL from being scanned and blocked? Have I missed something?
To clarify, what I want is for my phishing simulation emails (and the URLs included) not to get scanned, filtered or replaced at all.
0 Replies