How to allow-listing in Microsoft 365

You should allow-list RiskBuddy IP addresses and domains to ensure that your training and simulated phishing emails get delivered to your end users successfully. In Microsoft 365, you can do this in the Security Portal.

This guide will show you how to:

• Allow-listing by IP address in Microsoft 365
• Allow-list by domain in Microsoft 365
• Allow-list by IP address in Microsoft Exchange 2013 & 2016
  • Setting up your IP allow list
  • Bypassing the clutter and spam filters

Allow-listing by IP address in Microsoft 365

1. Go to the M365 Security Portal - https://security.microsoft.com/
2. Expand Email & Collaboration in the sidebar on the left and navigate to Policies & rules > Threat Policies > Anti-spam
3. Click Connection filter policy and then Edit connection filter policy on the fly out
4. Add the IP addresses below to the Always allow messages from the following IP addresses or address range field

198.21.6.191
168.245.56.242
 99.80.168.14

Finally, Click Save to enable the new settings.

IMPORTANT NOTE: Your emails may still be stopped by Microsoft 365 Quarantine. Phishing simulations may also be stopped if they are tagged as High Confidence Phish. Follow the instructions in the articles below to ensure your emails are delivered.

• For phishing simulations or "High Confidence Phish" emails, learn how to ensure your phishing simulations are delivered with Advanced Delivery
• For system emails, learn how to stop emails from being caught in O365 Quarantine

Allow-list by domain in Microsoft 365

1. Go to the M365 Security Portal - https://security.microsoft.com/
2. Expand Email & Collaboration in the sidebar on the left and navigate to Policies & rules > Threat Policies > Anti-spam
3. Click Anti-spam inbound policy and then scroll to the bottom of the fly out and click Edit allowed and blocked senders and domains
4. This will open the Allowed and blocked senders and domains screen. Click the Allow Domains link
5. Click Add Domains on the Manage allowed domains
6. Enter each of our domains that you wish to allow - our full list of supported domains can be found here
7. When you’ve finished adding domains, click Add domains at the bottom of the fly out
8. Finally, click Done then Save to enable the new settings

IMPORTANT NOTE: Your emails may still be stopped by Office 365 Quarantine. To stop emails from going into quarantine, follow the steps outlined in the article below:

• Learn how to stop emails from being caught in O365 Quarantine

Allow-list by IP address in Microsoft Exchange 2013 & 2016

This is the old guide to whitelisting in O365 using previous versions of Microsoft Exchange.

Setting up your IP allow list

1. Log in to the Admin portal on your Office 365 mail server
2. Navigate to Admin centers > Exchange in the left-hand menu
3. Under protection, click connection filter
4. Click the pencil icon on the top left of the connection filter screen
5. Click connection filtering on the left-hand men
6. Under IP Allow list, click the + sign
7. The Add allowed IP address window will now open. Add the IP addresses 198.21.6.191, 168.245.56.242 & 99.80.168.14
8. Click OK
9. Click Save
10. 
    

Please note that the connection filter option under protection will not be available unless antispam functionality is not enabled on your mailbox server. You can find instructions on how to enable that on Exchange 2016/2019 here and on for Exchange 2013 here. If you don't wish to do this due to the impact it could have on your organisation, you can find instructions on how update the IP allow list via powershell here.

Bypassing the clutter and spam filters

1. Log in to the Admin portal on your Office 365 mail server
2. Navigate to Admin centers > Exchange in the left-hand menu
3. Click mail flow on the left-side menu
4. Click the + sign on the top left of the mail flow page, and select Bypass spam filtering… from the drop-down menu
5. In the new rule window, give your filtering rule a name (such as ‘Training and Simulated Phishing Bypass’)
6. Click on the drop-down menu under Apply this rule if… and choose IP address is in any of these ranges or exactly matches
7. In the window that opens up, add the RiskBuddy IP addresses: 198.21.6.191, 168.245.56.242 & 99.80.168.14
8. Click OK to close the window
9. Ensure that the Do the following… field is set to Set the spam confidence level (SCL) to… and that Bypass spam filtering is set on the right
10. Scroll down to the Match sender address in message option, and select Envelope from the drop-down menu
11. Click Save

It is a good idea to enrol yourself on a course first to test that emails are being delivered successfully through the spam filter.

If you still have trouble receiving training, reminder or simulated phishing emails from the RiskBuddy app, please contact support. 

Note: allow-listing is also alternatively referred to as white-listing or whitelisting.