Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Third-party phishing simulation configuration not working?

Copper Contributor



I'm trying to set up the whitelist for a phishing simulation using a third-party service and have followed this :

The sending domain, IP, and phishing URLs are configured properly.


In the Explorer, when I look at the email, the "Primary Override : Source" does say "Allowed by organization policy : Phishing Simulation", and the URL are flagged as "Threat: Spam" but also have "Details:

URL allowed by tenant policy" which seems normal.
I have also added the URLs to the Safe Links configuration.
However, whenever I click on the link in the emails, I get blocked by the Safe Links protection. How come both the Phishing simulation and the Safe Links whitelisting do not prevent that URL from being scanned and blocked? Have I missed something?
To clarify, what I want is for my phishing simulation emails (and the URLs included) not to get scanned, filtered or replaced at all.
3 Replies

@Guilguil Any solution here?

We are in the same situation right now.


I can add Domains and IPs and also click "save" but after that, it doesnt add anything.

Hi @tbhellaz 

So it sounds like the email is getting through but the link is still triggering Windows Smartscreen via safelinks. Could you try going to > Settings > Endpoints. Within here you will see "Indicators" under the rule menu. Here you will see an option of "URLs/Domains" in which you will add your domain with the "Allow" action. This sync can take a while in my experience, clear cookies a few times and see if this helps.

@keenanbrooks Hi, thanks for answereing.

No, thats not what happening.


What i want to do is use the third party phising simulation config.

I an trying to add domains and ips. I can add them in the setup but when i click save it doesnt save anything.


Cant describe it much better, its the same problem the TE has.