Oct 24 2021 12:35 AM
Hello MSFT Team,
Normally every quarterly we perform the third party phishing attack simulator in the Organization to educate the end user's but this time all the phishing testing emails are getting quarantined by marking as high phishing.
After searching on the google found below link to use O365 advanced delivery policy for third party phishing. In the advanced delivery policy we have added:
Domain : added sending domain
Sending IP : added sending IP
Simulation URLs to allow : added simulation URLs as well
Followed the above msft blog and added the rule successfully but still the testing phishing emails are getting quarantined and marked as high phish.
But one thing has been observed that third party phishing simulator is hosted on amazonses.com and sending domain is different but we have added only the sending domain.
Do I need to add the amazonses.com domain as well in advanced delivery policy.
Please can someone shed some light on it as I searching lot of blogs on advanced delivery policy but found nothing.
Any help really appreciated.
Regards
Anand Sunka
Oct 26 2021 08:39 AM
Hi @ANAND_SUNKA, please open a support case so that our engineering team can investigate further, look at the configuation of your tenant and provide our recommendation here.
Oct 28 2021 08:26 AM
Nov 08 2021 08:09 AM
Nov 10 2021 12:07 AM
Nov 10 2021 10:34 AM
Jun 22 2022 02:58 PM
The Microsoft Defender for Office (MDO) Advanced Deployment Guide in the M365 Admin Center has configuration steps that cover this Attack Simulator topic area.
In addition to covering this Attack Simulator topic area, the MDO Advanced Deployment Guide also covers Licensing, Safe Links, Safe Attachments, and Threat Tracker configuration and deployment topics.
Please note that you will need to have Tenant Admin login permissions to the M365 Admin Center to view the MDO Advanced Deployment Guide.