Microsoft 365 quarantines some emails automatically.

To prevent your system emails (e.g. course enrolments) from being stuck in M365 / Exchange quarantine, you can use an email header to allow-list your platform emails.

IMPORTANT NOTE: This method previously worked for phishing simulations. However Microsoft now block quarantine bypass mail flow rules on any email flagged as a "High Confidence Phish". Microsoft introduced Advanced Delivery to help ensure delivery of phishing simulations, you can find instructions to set that up here.

Note: This will not stop your platform emails from going into the Spam or Junk inbox, but will only stop them from being stuck in the M365 quarantine.

To do this, you will need to:

• Add an email message header in RiskBuddy settings

• Set up a mail follow rule in Exchange Admin Centre

To make the rule more robust and certain to work, you should also:

• Add an IP address condition to your Microsoft 365 quarantine bypass rule

How to add an email message header to use in allow-listing

1. Open a support ticket with RiskBuddy support either clicking 'Submit Ticket' in the top right corner or by clicking 'Help' in the platform.

2. Request the setup of an X-HEADER for your phishing campaigns. Our team will get back to you shortly with your 'X-HEADER' name and value to use in the steps below.

Next, you will need to add exceptions for the header name and value in your Microsoft 365 settings.

How to set up a mail flow rule to bypass spam and quarantine filtering in Microsoft 365

1. Open Exchange Admin Center and go to Mail Flow -> Rules

2. Click on the plus sign (+) dropdown and select Bypass Spam Filtering

3. Enter a name for your rule in the new window that pops open.

4. Click on the Apply this rule if… dropdown and select A message header... -> includes any of these words

6.  Click Enter text...

7. In the window that pops open, enter the header name you set in your platform settings and click OK.

8. Click Enter words...

9. Enter the header value you set in your platform settings into the field and click the plus symbol to add it to the list. Then click OK to update the condition.

10. Ensure that the “Do the following…” option is to “Set the spam confidence level (SCL) to..” and the text “Bypass spam filtering” appears on the right.

11. Click add action under "Do the following" and select Modify the message properties... -> Set a message header

12. Click the first Enter text link and enter the below into the “message header” field before clicking OK

X-MS-Exchange-Organization-BypassClutter

13. Click the second Enter text link and enter “true” in the “header value” field then click OK.

14. Review your rule to ensure it is correct. Click Save to finish creating your mail flow rule.

You should also add an IP address rule to help ensure your whitelisting works correctly.

How to add an IP address condition to your Microsoft 365 quarantine bypass rule

For a more robust bypass rule you can restrict it to emails sent from the usecure mail server IP addresses. This is more likely to ensure that your emails always get delivered.

1. Select your bypass rule in Exchange Admin Center and click the edit button (pencil).

2. Click add condition and select The sender… -> IP address is in any of these ranges or exactly matches

The “specify IP address ranges” window should open automatically. If it doesn't, click Enter IPv4 or IPv6 addresses...

3. Paste each of the IP addresses below into the field, and press the plus sign (+) after each one.

• 198.21.6.191

• 168.245.56.242

• 99.80.168.14

4. Click OK to add the IPs.

5. Now click Save to finish adding the IP address condition to your mail flow rule.