SAT - Curricula | Microsoft 365 EAC and Exchange EOP - Simulated Phishing Campaigns - Allow List SAT Emails

This article covers the allow list settings for Microsoft 365 (EAC) and Exchange (EOP).

https://support.huntress.io/hc/en-us/articles/10962601934995-Allow-list-SAT-Emails-in-Microsoft-365-EAC-and-Exchange-EOP

Microsoft Office 365 users: please complete Step 1.

Exchange on-premises (EOP) users: please complete Step 2.

 

Step 1: Add SAT IPs to Your IP Allow List in EAC

Let’s begin by adding the Security Awareness Training (SAT) IP addresses (training and phishing simulator) to your Exchange/Microsoft 365 Exchange Admin Center’s allowed list.

(If you are using Exchange 2010, 2013, 2016 or 2019, you can also set up an IP allow list from the command line. See Microsoft's instructions here: Add-IPAllowListEntry.)

Allowlisting Domains 

It's also important to allow the HSAT phishing domains so that campaigns do not end up in your spam folder. You can access the full list of domains by logging into your Admin account: select 'Settings' and then 'Phishing' from the vertical menu on the left-hand side to navigate to the 'Phishing' tab. Alternatively, visit our Generic Mail Server Allowlisting Guide.

 

Here’s what you need to do:

  1. Log in to Microsoft's Exchange Admin Center at https://admin.exchange.microsoft.com/

  2. In the menu on the left, scroll down to Mail Flow and select Rules

  3. Select the + button, then click Bypass Spam filtering...


  4. Name the rule “SAT Allowlist”

  5. Under *Apply this rule if... select Sender’s IP address is in the range or exactly matches

  6. Add the following IP addresses then click OK

  • 18.205.140.116 (Phishing Server)

  • 168.245.36.66 (Training Server)

     


  7. In the Rule window, scroll down to Priority: set the value to 0

  8. Under Audit this rule with severity level: select High

  9. Check the box next to Stop processing more rules

  10. Click Save when finished
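
The rule from Step 1 can also be created and checked from Exchange Online PowerShell. The script below is an added example, not part of the original article or of Huntress tooling; it assumes an existing Connect-ExchangeOnline session, and the helper name Test-SatAllowRule and the offline sample rule are constructed for illustration.

```powershell
# Added example: script and audit the Step 1 rule in Exchange Online PowerShell.
$RuleName    = 'SAT Allowlist'                         # name from step 4
$ExpectedIps = @('18.205.140.116', '168.245.36.66')    # IPs from step 6

# Hypothetical helper: returns one finding per setting that differs from Step 1.
function Test-SatAllowRule {
    param([Parameter(Mandatory)] $Rule)
    $actual  = @($Rule.SenderIpRanges | Where-Object { $_ } | ForEach-Object { "$_" })
    # Any extra address or CIDR range widens the spam-filter bypass.
    $extra   = @($actual | Where-Object { $_ -notin $ExpectedIps })
    $missing = @($ExpectedIps | Where-Object { $_ -notin $actual })
    if ($extra)   { "Unexpected sender IPs: $($extra -join ', ')" }
    if ($missing) { "Missing sender IPs: $($missing -join ', ')" }
    if ("$($Rule.SetSCL)" -ne '-1')             { 'SCL is not -1 (spam filtering is not bypassed)' }
    if ("$($Rule.Priority)" -ne '0')            { "Priority is $($Rule.Priority), expected 0" }
    if ("$($Rule.SetAuditSeverity)" -ne 'High') { 'Audit severity is not High' }
    if (-not $Rule.StopRuleProcessing)          { 'Stop processing more rules is not set' }
    if ("$($Rule.State)" -ne 'Enabled')         { 'Rule is not enabled' }
}

if (Get-Command Get-TransportRule -ErrorAction SilentlyContinue) {
    # Live path: assumes Connect-ExchangeOnline has already been run.
    $rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
    if (-not $rule) {
        # Cmdlet equivalent of steps 3-10 ("Bypass spam filtering" is SCL -1).
        $rule = New-TransportRule -Name $RuleName -SenderIpRanges $ExpectedIps `
            -SetSCL -1 -Priority 0 -SetAuditSeverity High -StopRuleProcessing $true
    }
} else {
    # Offline path: constructed sample with an over-broad range added after setup.
    $rule = [pscustomobject]@{
        Name = $RuleName; State = 'Enabled'; Priority = 0; SetSCL = -1
        SenderIpRanges = @('18.205.140.116', '168.245.36.0/24')
        SetAuditSeverity = 'High'; StopRuleProcessing = $true
    }
}

$findings = @(Test-SatAllowRule -Rule $rule)
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "$RuleName matches the Step 1 settings"
}
```
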



Step 2: Exchange On-Premises (EOP)

  1. Start Windows PowerShell
  • Because PowerShell and operating system versions vary, please use Microsoft's guide on how to start PowerShell in multiple environments.

Starting Windows PowerShell - PowerShell

  2. Add the following SAT IP addresses
  • 18.205.140.116 (Phishing Server)
  • 168.245.36.66 (Training Server)

PowerShell commands:

    Add-IPAllowListEntry -IPAddress 18.205.140.116
    Add-IPAllowListEntry -IPAddress 168.245.36.66

If you want to learn more about this syntax, please refer to the following Microsoft guide:

Add-IPAllowListEntry (ExchangePowerShell)

Troubleshooting

If you are not receiving SAT notification emails, or if they are ending up in your learners’ spam, clutter, or junk folders, you can attempt the following troubleshooting suggestions:

  • Check if your organization uses an additional email protection service (Barracuda, Mimecast, etc.) to filter emails. 
  • If you experience any issues delivering phishing campaign emails, please use our Advanced Office 365 Defender Allowlisting Guide.