Whitelisting Simulation Emails

Updated 2 months ago by admin

Below is a short guide on how to allow phishing simulation emails through to users' inboxes on Office 365. This guide will show you how to create a rule on Microsoft 365 Exchange that will allow through all the required email domains that the phishing simulations use.

Before starting please make sure you are a global Administrator within Mirosoft 365.

  1. Navigate to 365 Exchange https://admin.exchange.microsoft.com/
  2. Expand the 'Mail Flow' tab on the left.
  3. Select 'Rules'.
  4. Under 'Rules', select the '+' icon, and then on the dropdown box, select 'Bypass spam filtering...'.
  5. Name the rule as 'SAT Domain allow'.
  6. Under '*Apply this rule if...' select 'the sender is' and then 'domain is' as shown below:
  1. In the 'Specify Domain' box, you will need to add the domains, making sure to click the '+' icon after each domain to add it to the list, and then click 'Ok' once finished. 

Please see below for the current list of domains we provide:

uk.sat.clouduss.com

nhs-antibodytest.co.uk

just-eat-voucher.co.uk

noreply-linkedinverify.co.uk

noreply-amazon.co.uk

dpdupdates.co.uk

dropbox-notifications.co.uk

microsoft-notifications.co.uk

netflix-password.co.uk

netflixnotifications.co.uk

noreply-deliveroocredit.co.uk

noreply-hmrcupdate.co.uk

noreply-microsoftpasswordreset.co.uk

noreply-ubercredit.co.uk

gmaillogin.co.uk

google-notifications.co.uk

dhlshipping.co.uk

noreply-amazon.co.uk

who-travel-updates.com

royaal-maill.com

netflix-update-details.com

fed-ex-parcels.com

microsoft-security-alerts.com

coffee-vouchers.com

hr-staff-updates.com

staff-payroll-updates.com

  1. Under 'Do the following...', select 'Modify the message properties...' and then 'Set the spam confidence level (SCL)' as shown below:
  1. Leave the remaining settings as default and click save.
  2. After the window has closed, move the priority of the rule to '0' using the upwards-facing arrow key as shown below.

All simulation phishing emails should now come straight through to your user's inbox.


How did we do?