Advanced Delivery for third party phishing attack scenario


Hello MSFT Team,

 

Normally every quarter we run the third-party phishing attack simulator in the organization to educate the end users, but this time all the phishing test emails are getting quarantined and marked as high phishing.

After searching on Google, I found the link below on using the O365 advanced delivery policy for third-party phishing. In the advanced delivery policy we have added:

Domain : added sending domain
Sending IP : added sending IP
Simulation URLs to allow : added simulation URLs as well

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-advanced-deliv...


I followed the above MSFT blog and added the rule successfully, but the phishing test emails are still getting quarantined and marked as high phish.

 

One thing we have observed is that the third-party phishing simulator is hosted on amazonses.com and the sending domain is different, but we have added only the sending domain.

Do I need to add the amazonses.com domain as well in the advanced delivery policy?

 

Can someone please shed some light on this? I have searched a lot of blogs on the advanced delivery policy but found nothing.

 

Any help is really appreciated.

 

Regards

Anand Sunka

 

6 Replies

Hi @ANAND_SUNKA, please open a support case so that our engineering team can investigate further, look at the configuration of your tenant and provide our recommendation here.

 

Hi Sundeep_Saini,
Thanks for the reply.
I resolved the issue by looking at the 5321.fromaddress and whitelisting that address.

But now we are facing a different issue, with URLs getting blocked by ATP policies.
I have whitelisted the URLs in Advanced delivery as well as in the ATP Safe Links policy.
But still no luck.

Why is the advanced delivery URL whitelisting not working?
Any help is really appreciated.


Regards
Anand Sunka

I have faced the same issue with a 3rd-party simulator; it is also showing false reports. I added the list of domains, IPs and URLs, and especially the From address in the header, and it worked. But now it is giving false reporting. I guess Microsoft is saying that, despite any configuration, they will inspect the mail:
You can't bypass malware filtering or ZAP for malware
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-advanced-deliv...

Hi Kazaki82,
Thanks for the update. In my scenario I was using a third-party phishing simulation hosted at amazonses.com, and it had 2 From addresses, where I was blocking only a single From address.
That's why the issue happened.
But after whitelisting the second From address, my issue was resolved.

Yes, as you said, we can't bypass malware filtering or ZAP, as they have implemented secure by default.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/secure-by-default?view=o...

Anyways thank you.

Regards
Anand Sunka
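
The fix described in this thread came down to which sender identity the advanced delivery entry is compared against. The following is an added example, not code from any poster or from Microsoft: it reads a raw message's headers and reports which configured domains line up with the 5321.MailFrom domain (taken from Return-Path) or a DKIM `d=` domain, as opposed to the visible From domain. It assumes, per Microsoft's advanced delivery documentation, that the domain entry is matched on the 5321.MailFrom or DKIM domain; the sample headers, `phishsim.example` and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): a simulation mail relayed through
# Amazon SES, so the envelope sender differs from the visible From address.
SAMPLE = """\
Return-Path: <0101-bounce@amazonses.com>
DKIM-Signature: v=1; a=rsa-sha256; d=amazonses.com; s=sel1; bh=...; b=...
From: "IT Helpdesk" <training@phishsim.example>
To: user@contoso.example
Subject: Password expiry notice

body
"""

def _domain(value):
    """Lower-cased domain of an address header, or '' if there is none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_identities(raw):
    """Return the three sender identities carried by a raw message."""
    msg = message_from_string(raw)
    dkim = set()
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", sig)
        if m:
            dkim.add(m.group(1).lower())
    return {"mail_from": _domain(msg.get("Return-Path")),  # 5321.MailFrom
            "header_from": _domain(msg.get("From")),        # 5322.From
            "dkim": dkim}

def check_policy(raw, configured_domains):
    """Compare configured domains with the identities assumed to be matched."""
    ids = sender_identities(raw)
    configured = {d.strip().lower() for d in configured_domains}
    candidates = ({ids["mail_from"]} | ids["dkim"]) - {""}
    return {"candidates": sorted(candidates),
            "matched": sorted(candidates & configured),
            # True when only the visible From domain was configured
            "header_from_only": ids["header_from"] in configured
                                and not candidates & configured}

if __name__ == "__main__":
    print(check_policy(SAMPLE, ["phishsim.example"]))
    print(check_policy(SAMPLE, ["phishsim.example", "amazonses.com"]))
```
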

This is a very well-known third party; I think you mean Cofense.

The Microsoft Defender for Office (MDO) Advanced Deployment Guide in the M365 Admin Center has configuration steps that cover this Attack Simulator topic area.

 

In addition to covering this Attack Simulator topic area, the MDO Advanced Deployment Guide also covers Licensing, Safe Links, Safe Attachments, and Threat Tracker configuration and deployment topics.

 

Please note that you will need to have Tenant Admin login permissions to the M365 Admin Center to view the MDO Advanced Deployment Guide.