I'm trying to set up the whitelist for a phishing simulation using a third-party service and have followed this : https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/skip-filtering-phishing...
The sending domain, IP, and phishing URLs are configured properly.
In the Explorer, when I look at the email, the "Primary Override : Source" does say "Allowed by organization policy : Phishing Simulation", and the URL are flagged as "Threat: Spam" but also have "Details:
URL allowed by tenant policy" which seems normal.
I have also added the URLs to the Safe Links configuration.
However, whenever I click on the link in the emails, I get blocked by the Safe Links protection. How come both the Phishing simulation and the Safe Links whitelisting do not prevent that URL from being scanned and blocked? Have I missed something?
To clarify, what I want is for my phishing simulation emails (and the URLs included) not to get scanned, filtered or replaced at all.