Check Prerequisites: Verify that your domain's mail exchanger (MX) record directs to Microsoft Office 365. If it doesn't, you cannot use the 'secure by default' feature. Also, make sure to turn on the Enhanced Filter for Connectors setting. If you're uncertain about how to do this, consult Microsoft's guide on configuring this setting.
Ensure You Have the Necessary Permissions: To make changes to the advanced delivery policy, you need to be part of the Security Administrator group in the Microsoft Security & Compliance Center and the Organization Management group in Microsoft Exchange Online. If you're unclear about what these permissions mean, Microsoft has further information.
Setting up the Policy: Follow these steps to configure the policy:
1. Sign in to your Microsoft 365 Defender portal.
2. Navigate to the 'Email & Collaboration' section Side bar.
-Then select 'Policies & Rules' under the 'Email & Collaboration' section
-In the main window of the page select 'Threat policies'
-Then scroll down, and select 'Advanced delivery' under Rules.
-Finally click on the 'Phishing Simulation' tab.
3. Choose to edit by clicking the Edit icon. If there's no existing phishing simulations, click the Add icon to create one.
5. In the dialog box that pops up ('Edit third-party phishing simulation'), Then enter the following information in the corresponding fields.
Additional Notes:
YOU CAN NOT ADD ALL OF DOMAINS AT ONCE.
We are sorry for the inconvenience, however Microsoft only allows the domains to be added individually.
Be sure that the domain section has 20 items, the sending IP has 3 items, and the simulation URLS to allow is 1 item.
When you paste the copied text into the corresponding field, be sure that you hit enter each time.
You can click each one individually to have it copied.
Then you can right click, and select paste, or (ctrl+v) for windows or (cmd+v) for mac.
Be sure that you click add or hit enter after each entry.
If you see warnings please review the URL format.
Great job!
You're all ready to move onto creating Email Rules!
Note Before Beginning:
You will be creating 5 different rules. Please create the rules in order, to minimize issues.
(This rule should be priority 0 this is relevant for step 7, however to minimize that step create them in order)
1. Open the Transport Rules interface
Navigate to the mail flow rules page by visiting: https://admin.exchange.microsoft.com/#/transportrules
Note : If you're asked to login, then you will be taken to the Microsoft Exchange main menu. However, you should be able to click the link again after logging in to be taken to the correct page.
2. Create a new rule
Click on the “+ add a rule” button and then select "New Rule" (1st option) from the drop-down menu.
3. Name your rule
In the name field type: "PhishFirewall - Bypass Attachments Rule"
(It is nice to keep names standardized to help with trouble shooting)
4. Define conditions for the rule "IP address is"
- Under the section "Apply this rule if *",
- Select "The Sender",
- Select "IP address is any of these ranges or exactly matches"
- Specify the IP Addresses, by typing the IP Addresses listed to the right.
- Click Save/Next
Were using "IP address is any of these ranges or exactly matches" here because we want both Phishing Simulations and Educational content to avoid the attachment scanner.
.png)
5. Define the behavior for the rule
- Under the section "Do the following",
- Select "Modify Message Properties",
- Select "Set a Message Header"
- Specify the message header,
type in "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing" (Click save/next)
- Set the Value to "true" (all lower case)(Click save/next)
6. Verify your rule
Verify your settings and ensure it matches the image to your right.
Double check the following:
- the sender's IP address is in the range: '168.203.37.175' or '168.203.37.174' or '168.203.36.203'.
- Set the message header "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing"
- to the value "true"
After you have done that you will click "Next/Save"
.png)
6. Finalize and Save Rule
Now you will be taken to finalize the settings, you just need to click "next".
Then click "next" again.
and then click "Finish".
You will then see "Transport rule created successfully".
Then click "Done"
Great Job!
You're all ready to move onto the next rule!
Note Before Beginning:
You will be creating 5 different rules. Please create the rules in order, to minimize issues.
(This rule should be priority 1 this is relevant for step 7, however to minimize that step create them in order)
1. Open the Transport Rules interface
Navigate to the mail flow rules page by visiting: https://admin.exchange.microsoft.com/#/transportrules
Note : If you're asked to login, then you will be taken to the Microsoft Exchange main menu. However, you should be able to click the link again after logging in to be taken to the correct page.
2. Create a new rule
Click on the “+ add a rule” button and then select "New Rule" (1st option) from the drop-down menu.
3. Name your rule
In the name field type: "PhishFirewall - Avoid False Clicks"
(It is nice to keep names standardized to help with trouble shooting)
4. Define conditions for the rule "IP address is"
- Under the section "Apply this rule if *",
- Select "The Sender",
- Select "IP address is any of these ranges or exactly matches"
- Specify the IP Addresses, by typing the 2 IP Addresses listed to the right.
- Click Save/Next
Were using "IP address is any of these ranges or exactly matches" here because we want both Phishing Simulations and Educational content to avoid the attachment scanner. Please note the image is missing 2 of the Ip addresses.
5. Define the behavior for the rule
- Under the section "Do the following",
- Select "Modify Message Properties",
- Select "Set a Message Header"
- Specify the message header,
type in "X-MS-Exchange-Organization-SkipSafeLinksProcessing" (Click save/next)
- Set the Value to "true" (all lower case)(Click save/next)
6. Verify your rule
Verify your settings and ensure it matches the image to your right.
Double check the following:
- the sender's IP address is in the range: '168.203.37.175' or '168.203.37.174' or '168.203.36.203'
- Set the message header "X-MS-Exchange-Organization-SkipSafeLinksProcessing'"
- to the value "true"
After you have done that you will click "Next/Save"
7. Finalize and Save Rule
- Now you will be taken to finalize the settings, you just need to click "next".
- Then click "next" again.
- and then click "Finish".
- You will then see "Transport rule created successfully".
- Then click "Done"
Great Job!
You're all ready to move onto the next rule!
Note Before Beginning:
You will be creating 5 different rules. Please create the rules in order, to minimize issues.
(This rule should be priority 2 this is relevant for step 7, however to minimize that step create them in order)
1. Open the Transport Rules interface
Navigate to the mail flow rules page by visiting: https://admin.exchange.microsoft.com/#/transportrules
Note : If you're asked to login, then you will be taken to the Microsoft Exchange main menu. However, you should be able to click the link again after logging in to be taken to the correct page.
2. Create a new rule
Click on the “+ add a rule” button and then select "New Rule" (1st option) from the drop-down menu.
3. Name your rule
In the name field type: "PhishFirewall - Focused Inbox"
(It is nice to keep names standardized to help with trouble shooting)
4. Define conditions for the rule "the sender domain is"
- Under the section "Apply this rule if *",
- Select "The Sender",
- Select "domain is"
- Specify the domain, and type in "phishfirewall.com"(Click add or press enter)
- Click Save/Next
Were using "the sender domain is phishfirewall.com" here because we only want educational content in the Focused Inbox which comes from that specific domain.
5. Define the behavior for the rule
- Under the section "Do the following",
- Select "Modify Message Properties",
- Select "Set a Message Header"
- Specify the message header, type in "X-MS-Exchange-Organization-BypassFocusedInbox" (Click save/next)
- Set the Value to "true" (all lower case)(Click save/next)
6. Verify your rule
Verify your settings and ensure it matches the image to your right.
Double check the following:
- the sender's domain is "phishfirewall.com"
- Set the message header "X-MS-Exchange-Organization-BypassFocusedInbox"
- to the value "true"
After you have done that you will click "Next/Save"
7. Enable Stop Processing new rules.
You should be brought to the next page for additional settings.
You will want to enable "Stop Processing new rules"
This step is to ensure, that no other rules that you have enabled, or may create in the future will interrupt PhishFirewall services.
8. Finalize and Save Rule
- Then click "next" again.
- and then click "Finish".
- You will then see "Transport rule created successfully".
- Then click "Done"
Great Job!
You're all ready to move onto the next rule!
IMPORTANT- This Step Is Optional. This step adds an External Email banner, it is a best practice to use one across your organization. It is not necessary, and if your organization already has one in place you can continue using it, however you will need to ensure that emails from "phishfirewall.com" are excluded from that banner so your employees know they can trust PhishFirewall's educational emails.
Note Before Beginning:
You will be creating 6 different rules. Please create the rules in order, to minimize issues.
(This rule should be priority 3 this is relevant for step 7, however to minimize that step create them in order)
1. Open the Transport Rules interface
Navigate to the mail flow rules page by visiting: https://admin.exchange.microsoft.com/#/transportrules
Note : If you're asked to login, then you will be taken to the Microsoft Exchange main menu. However, you should be able to click the link again after logging in to be taken to the correct page.
2. Create a new rule
Click on the “+ add a rule” button and then select "New Rule" (1st option) from the drop-down menu.
3. Name your rule
In the name field type: "PhishFirewall - External Email Warning"
(It is nice to keep names standardized to help with trouble shooting)
4. Define conditions for the rule "Apply this rule if *"
- Under the section "Apply this rule if *",
- Select "The Sender",
- Select "
- Select ""Outside The Organization"
- Click Save/Next
Were using "The Sender is Outside the Organization" here because we wan't all external Emails to have this warning attached.
5. Define the behavior for the rule
- Under the section "Do the following",
- Select "apply a disclaimer to the message",
- Select "Prepend A Disclaimer"
- Specify the Disclaimer Text:
Click the button to the right to copy the code,
Then paste the code into the disclaimer text box. (Click save/next)
(CTRL + V) windows, (CMD+V) mac
- Specify Fall Back action: "w" (all lower case)(Click save/next)
6. Define Exceptions for the rule "the sender domain is"
- Under the section "Except if",
- Select "The Sender",
- Select "domain is"
- Specify the domain, and type in "phishfirewall.com"(Click add or press enter)
- Click Save/Next
Were adding an exception now, for phishfirewall.com, so that they are treated as internal emails. You can also add other domains, that you would like to not have this banner here.
7. Verify your rule
Verify your settings and ensure it matches the image to your right.
Double check the following:
- the sender is located 'NotInOrganization'
- Prepend "HTML Code"
- Fall Back action "Wrap"
- Except if The Sender's Domain is 'phishfirewall.com'
After you have done that you will click "Next/Save"
8. Finalize and Save Rule
- Now you will be taken to finalize the settings, you just need to click "next".
- Then click "next" again.
- and then click "Finish".
- You will then see "Transport rule created successfully".
- Then click "Done"
Great Job!
You're all ready to move onto the next rule!
Note Before Beginning:
You will be creating 5 different rules. Please create the rules in order, to minimize issues.
(This rule should be priority 4 this is relevant for step 7, however to minimize that step create them in order)
1. Open the Transport Rules interface
Navigate to the mail flow rules page by visiting: https://admin.exchange.microsoft.com/#/transportrules
Note : If you're asked to login, then you will be taken to the Microsoft Exchange main menu. However, you should be able to click the link again after logging in to be taken to the correct page.
2. Create a new rule
Click on the “+ add a rule” button and then select "Bypass Spam Filtering" from the drop-down menu.
3. Name your rule
In the name field type: "PhishFirewall - Spam Bypass"
4. Define conditions for the rule "IP address is"
- Under the section "Apply this rule if *",
- Select "The Sender",
- Select "IP address is any of these ranges or exactly matches"
- Specify the IP Addresses, by typing the 5 IP Addresses listed to the right.
- Click Save/Next
Were using "IP address is any of these ranges or exactly matches" here because we want both Phishing Simulations and Educational content to avoid the attachment scanner. Please note the image is missing 2 of the Ip addresses.
5. Define the behavior for the rule
- Under the section "Do the following",
- Select "Modify Message Properties",
- Select "set the spam confidence level (SCL)"
- Specify SCL, selecting "Bypass spam filtering"(Click save/next)
6. Verify your rule
Verify your settings and ensure it matches the image to your right.
Double check the following: - The sender's domain is "phishfirewall.com"
- Set spam confidence level (SCL) to "bypass" or "-1"After you have done that you will click "Next/Save"
.png)
7. Enable Stop Processing new rules.
You should be brought to the next page for additional settings.
You will want to enable "Stop Processing new rules"
This step is to ensure, that no other rules that you have enabled, or may create in the future will interrupt PhishFirewall services.
8. Finalize and Save Rule
-
- Then click "next" again.
- and then click "Finish".
- You will then see "Transport rule created successfully".
- Then click "Done"
Great Job!
You're all ready to enable rules, and verify their ordering.
Note Before Beginning:
In the Previous steps we created mail flow rules. We are now going to verify that they are in the correct order.
Please use the Reference image to verify you have completed this step.
Enable Rules:
- You will double click the rule, to open the rule settings window. (or click once then select edit)
- Click the switch to enable the rule.
- Click Save.
- Repeat for each rule.
Change Rule Priority:
-Click the rule in the incorrect position once to select the rule, then click Move up, or Move down to get it in the correct position.
What to do with Existing Rules? IMPORTANT
Existing rules should be set to a priority bellow all existing rules.
Except for an existing External email warning banner which should replace "PhishFirewall - External Email Warning" Priority 3 ( 4th on list )
Great Job!
You're all ready to move onto configuring your 3rd party email security services.
(Unless You use Outlook Thick Clients)
If you are uncertain if you are using an outlook thick client, then it is safe to assume you are not.
Before we start, make sure you have access to create and edit group policy objects. This guide assumes you're an admin for your organization.
Step 1: Get the Safe Senders List
Step 2: Get the Correct Office Version Administrative Template
Depending on your version of Office, download the corresponding Administrative Template:
Step 3: Create a New Group Policy Object (GPO)
Step 4: Navigate to the Correct Setting in the GPO
Step 5: Specify the Path to the Safe Senders List
Step 6: Create a New Registry Item
Step 7: Configure the New Registry Item
Note: Replace 1x.0 with your version of Outlook. (11.0 = Outlook 2003, 12.0 = Outlook 2007, 14.0 = Outlook 2010, 15.0 = Outlook 2013, and 16.0 = Outlook 2016)
And that's it! You've now set up your Safe Senders list in Outlook. All emails from the addresses on this list should now arrive in the Inbox instead of the Junk folder.
Great job You're all ready to Configure 3rd Party Email Security Services.