Views:
How to whitelist a domain in Microsoft 365 for a Defense.com phishing campaign

In this guide I'll explain how to whitelist the domain for a phishing campaign in Microsoft 365

To whitelist a domain, you'll need to modify your inbound spam policy.

  1. Sign in to your Microsoft 365 Defender portal

     

  2. Click on Policies & rules in the left-hand menu

     

     

  3. Choose Threat policies

     

     

  4. Select Anti-spam inbound policy (Default).

     

     

     

  5. Scroll down and click on Edit allowed and blocked senders and domains.

     

     

  6. Click on Allow domains.

     

     

  7. Add the domain that you want to allow (whitelist).

     

    Please note: The domain is provided when selecting the template during the set up of the phishing campaign.

     

     

     

  8. Click Add domains

    .

     

  9. Click on Save

     

     

    That's it 🎉 You've successfully added the domain to the spam filter allow list. From now on, all emails sent via this particular Defense.com phishing domain will not be marked as spam.

Keywords: Whitelist; Domain