Microsoft 365 Defender Third Party Phishing Simulation Configuration

| Section | Details | Date of Change |
|---|---|---|
| Section B Step 11-14 Point 2: | Steps added for the routing setup | November 16th, 2021 |
| Sending Domains | Added a new SMTP server "34.237.252.20" to improve email deliverability | November 29th, 2021 |
| Section 3 | Added a new SMTP server to fix email delivery issues for error code "451 4.7.50" Server is busy in Exchange Online. | January 27th, 2022 |
| Section 2, Step 5 | Exporting Sending Domains links updated | January 28th, 2022 |
| Section 2, Simulation URLs to allow | Old URL "*.secureawareness.net/*" replaced with "*.cloudsurveillance.net/*" | February 10th, 2022 |
| Updated Section 2, Step 5 | Prevent Outlook from blocking content in your emails and displaying a Safe Senders Warning | April 10th, 2022 |

Objectives: This guide will help you configure the delivery of third-party phishing simulations to Microsoft 365 Defender.
Note: Secure by default is unavailable if your domain's MX record doesn't point to Office 365 (messages are routed somewhere else first). If you'd like to add protection, you'll need to enable Enhanced Filtering for Connectors (also known as skip listing). For more information, go to Manage mail flow using a third-party cloud service with Exchange Online. If you don't want Enhanced Filtering for Connectors, use mail flow rules (also known as transport rules) to bypass Microsoft filtering for messages that have already been evaluated by third-party filtering. For more information, see Use mail flow rules to set the SCL in messages.
Before you can whitelist BullPhish ID using advanced delivery policies, you'll need to have the appropriate permissions. To create, modify, or remove settings in an advanced delivery policy, you must be a member of the Security Administrator role group in the Microsoft Security & Compliance Center and the Organization Management role group in Microsoft Exchange Online.
You must be a member of the Global Reader or Security Reader role groups for read-only access to an advanced delivery policy. For more information about Microsoft permissions, see Microsoft's Permissions in the Microsoft 365 Defender portal and Permissions in Exchange Online articles.
1. Open the Microsoft 365 Defender portal, go to Email & Collaboration » Policies & Rules » Threat policies page » Rules section » Advanced delivery. Or follow the link.
2. On the Advanced delivery page, select the Phishing simulation tab, and then do one of the following steps:
- Click Edit, or
- If there are no configured phishing simulations, click Add.

3. On the Edit third-party phishing simulation flyout that opens, configure the following settings:

- Sending Domain: Prerequisite: Click the following link to download the up-to-date list of sending domains. If you want to download the file manually, access the BullPhish ID portal under the Guides section. Expand the 'Sending Domain' setting and enter the sending domains from the downloaded list by clicking in the box, entering a value, and then pressing Enter or selecting the value displayed below the box. Repeat this step as many times as necessary.
- Sending IP: Expand this setting and enter the IPv4 addresses below by clicking in the box, entering a value, and then pressing Enter or selecting the value displayed below the box. Repeat this step as many times as necessary. You can add up to 10 entries. Values to be added are:
- 168.245.13.192 (SendGrid IP – Needed for sending notification emails)
- 34.237.252.20 (New SMTP Server IP – Where we send Phishing & Training Email from)
- 54.211.230.155 (NAT gateway IP – IP address of background processes that initiate sending Phishing & Training Emails)
- 18.233.13.154 (Fallback – Secondary IP)
- 3.18.16.105 (Fallback – Secondary IP)
- 3.18.67.92 (Fallback – Secondary IP)
- 3.17.244.221 (Fallback – Secondary IP)
- 3.18.32.205 (Fallback – Secondary IP)
- Simulation URLs to allow: Expand this setting and enter the following URLs by clicking in the box, entering a value, and then pressing Enter or selecting the value displayed below the box.
- service-noreply.info/*
- bpidtr.com/*
- *.bpidtr.com/*
- *.cloudsurveillance.net/*
To remove an existing value, click remove next to the value.
Note: You must specify at least one Sending domain and one Sending IP to configure a third-party phishing simulation in Advanced Delivery. You may optionally include Simulation URLs to allow to ensure URLs present in simulation messages are not blocked. You may specify up to 10 entries for each field. There must be a match on at least one Sending domain and one Sending IP, but no association between values is maintained.
Once you're finished, do one of the following steps:
- First time: Click Add, and then Close.
- Edit existing: Click Save and then click Close.
The third-party phishing simulation entries you configure are displayed on the Phishing Simulation tab. To make changes, click Edit on the tab.
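The same first-time setup can be scripted. The following is an added example, not BullPhish ID's or Microsoft's own script: it checks the values against the constraints in the note above and then creates the policy, rule and URL entries. It assumes sessions already opened with Connect-IPPSSession (policy and rule cmdlets) and Connect-ExchangeOnline (Tenant Allow/Block List cmdlets), and a hypothetical file sending-domains.txt holding the downloaded domain list.

```powershell
# Added example. Hypothetical file: the downloaded sending-domain list, one domain per line.
$sendingDomains = @(Get-Content -Path '.\sending-domains.txt' | Where-Object { $_.Trim() })
# Sending IPs and simulation URLs exactly as listed on this page.
$sendingIps = @('168.245.13.192', '34.237.252.20', '54.211.230.155', '18.233.13.154',
                '3.18.16.105', '3.18.67.92', '3.17.244.221', '3.18.32.205')
$simulationUrls = @('service-noreply.info/*', 'bpidtr.com/*', '*.bpidtr.com/*',
                    '*.cloudsurveillance.net/*')

# Pre-flight checks for the constraints stated in the note on this page.
$maxEntries = 10
if ($sendingDomains.Count -lt 1 -or $sendingIps.Count -lt 1) {
    throw 'At least one sending domain and one sending IP are required.'
}
$fields = @{ Domains = $sendingDomains; IPs = $sendingIps; URLs = $simulationUrls }
foreach ($field in $fields.GetEnumerator()) {
    if ($field.Value.Count -gt $maxEntries) {
        throw ('{0}: {1} entries exceeds the limit of {2}.' -f $field.Key, $field.Value.Count, $maxEntries)
    }
}
foreach ($ip in $sendingIps) {
    $parsed = $null
    if (-not ([System.Net.IPAddress]::TryParse($ip, [ref]$parsed) -and
              $parsed.AddressFamily -eq 'InterNetwork')) {
        throw "Not an IPv4 address: $ip"
    }
}

# Create the override policy and rule only if none exists; an existing rule is left untouched.
if (-not (Get-PhishSimOverridePolicy)) {
    New-PhishSimOverridePolicy -Name PhishSimOverridePolicy
}
if (-not (Get-ExoPhishSimOverrideRule)) {
    New-ExoPhishSimOverrideRule -Policy PhishSimOverridePolicy `
        -Domains $sendingDomains -SenderIpRanges $sendingIps
}
# Allow the simulation URLs for advanced delivery.
New-TenantAllowBlockListItems -Allow -ListType Url -ListSubType AdvancedDelivery `
    -Entries $simulationUrls -NoExpiration

# Read back what was stored so it can be compared with the intended values.
Get-ExoPhishSimOverrideRule | Format-List Name, Domains, SenderIpRanges
Get-TenantAllowBlockListItems -ListType Url -ListSubType AdvancedDelivery |
    Format-Table Value, Action
```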
Prevent Outlook from blocking content in your emails and displaying a Safe Senders Warning
Emails from domains not on the Outlook Safe Senders list may display a warning, and some email content, including images, may be blocked.

To prevent the 'Some content in this message has been blocked because the sender isn't in your Safe sender's list' message from showing up, you will need to add BullPhish ID Sending domains to the Outlook Safe Sender lists of each of your end-users:
- Open PowerShell.
- Execute the following command if the ExchangeOnlineManagement module is not installed:
Install-Module ExchangeOnlineManagement
- Execute the following command to import the module:
Import-Module ExchangeOnlineManagement
- Connect to Exchange Online (see https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps):
Connect-ExchangeOnline -UserPrincipalName <UPN>
Note: <UPN> is your account in user-principal name format (for example, xxxxx@contoso.com).
- Execute the following script to add BullPhish ID Sending domains to each of your end users' Outlook Safe Senders lists. Adding senders to the user's safe senders list will remove the "Some content of this message has been blocked." banner and allow the mail client to download images in emails from the sender automatically. If images are downloaded, opens will be recorded when a user views the email.
# Get-EXOMailbox returns at most 1000 mailboxes by default; request all of them
$users = Get-EXOMailbox -ResultSize Unlimited
$senders = "example@example.com" # add safe senders here, in quotes and comma-separated
foreach ($user in $users) {
    $out = 'Adding Trusted Senders to {0}' -f $user.UserPrincipalName
    Write-Output $out
    # Add appends to the existing list instead of overwriting it
    Set-MailboxJunkEmailConfiguration -Identity $user.UserPrincipalName -TrustedSendersAndDomains @{Add=$senders}
}
Write-Output "Finished!"
Note: You will need to assign all senders you wish to add to the user's safe senders list to $senders, in quotes and comma-separated. The list of sending domains is available on the BullPhish ID dashboard under the Guides / Sending Domains section or from the following link.
For example:
$senders = "bp-service-support.com","bp-securityawareness.com","online-account.info",
"myonlinesecuritysupport.com","service-noreply.info","banking-alerts.info","bullphish.com",
"verifyaccount.help","suspected-fraud.info"
Important. You will need to run this script every time you add new users to ensure all users have BullPhish ID Sending domains added to their Safe Senders list.
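Because the script has to be re-run whenever users are added, a variant that only touches mailboxes missing an entry and records per-mailbox failures is easier to schedule and review. This is an added example, not BullPhish ID's script; it assumes Connect-ExchangeOnline has already been run, uses the example domain list shown above, and writes to a hypothetical report file safe-senders-run.csv.

```powershell
# Added example. Domains are the example list from this page; replace them with
# the current list downloaded from the BullPhish ID dashboard.
$senders = 'bp-service-support.com', 'bp-securityawareness.com', 'online-account.info',
           'myonlinesecuritysupport.com', 'service-noreply.info', 'banking-alerts.info',
           'bullphish.com', 'verifyaccount.help', 'suspected-fraud.info'

$report = foreach ($mbx in Get-EXOMailbox -ResultSize Unlimited) {
    $upn = $mbx.UserPrincipalName
    try {
        $current = (Get-MailboxJunkEmailConfiguration -Identity $upn -ErrorAction Stop).TrustedSendersAndDomains
        # Only the entries this mailbox does not have yet (comparison is case-insensitive).
        $missing = @($senders | Where-Object { $current -notcontains $_ })
        if ($missing.Count -gt 0) {
            Set-MailboxJunkEmailConfiguration -Identity $upn `
                -TrustedSendersAndDomains @{Add = $missing} -ErrorAction Stop
        }
        [pscustomobject]@{ Mailbox = $upn; Added = $missing.Count; Status = 'OK' }
    }
    catch {
        # A mailbox whose junk email configuration cannot be read or written
        # is recorded here and does not stop the run.
        [pscustomobject]@{ Mailbox = $upn; Added = 0; Status = "Failed: $($_.Exception.Message)" }
    }
}

# Show only mailboxes that were changed or failed; keep the full result as a record.
$report | Where-Object { $_.Added -gt 0 -or $_.Status -ne 'OK' } | Format-Table -AutoSize
$report | Export-Csv -Path '.\safe-senders-run.csv' -NoTypeInformation
```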
How to remove already added domains from the safe sender list?
To remove domains from the safe sender list, you need to execute the following command:
$users = Get-EXOMailbox -ResultSize Unlimited # all mailboxes, not only the first 1000
$senders = "example@example.com" # add safe senders here, in quotes and comma-separated
foreach ($user in $users) {
    $out = 'Removing Trusted Senders from {0}' -f $user.UserPrincipalName
    Write-Output $out
    Set-MailboxJunkEmailConfiguration -Identity $user.UserPrincipalName -TrustedSendersAndDomains @{Remove=$senders}
}
Write-Output "Finished!"
Note: You will need to assign all senders you wish to remove from the user's safe senders list to $senders, in quotes and comma-separated.
For example:
$senders = "bp-service-support.com","bp-securityawareness.com","online-account.info",
"myonlinesecuritysupport.com","service-noreply.info",
"banking-alerts.info","bullphish.com","verifyaccount.help","suspected-fraud.info"
If a user runs this script by mistake, the domains listed in the script will be removed from the Trusted Domains list, and the spam filter will then filter emails from the removed domains. If the script has a syntax error, it throws an error and nothing happens to the Trusted Domains list.
Fix email delivery issues for error code "451 4.7.50 Server is Busy" with the new SMTP server in Exchange Online.
1. Log in to https://admin.exchange.microsoft.com/#/
2. Go to Mail Flow » Connectors.
3. Click on the "Add a connector" button.
4. In the window, choose "Connection From" = "Partner organization," and click on the "Next" button.

5. Enter the name of the connector. For example: "BullPhish ID" and click on the "Next" button.

6. Choose "By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization," and add all BullPhish ID IP addresses. Then click on the Next button.

7. Choose "Reject email messages if they aren't sent over TLS." Click on the "Next" button.

8. Click on the "Create connector" button.
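
The connector from steps 3 to 8 can also be created and checked from Exchange Online PowerShell. This is an added example, not BullPhish ID's script; it assumes Connect-ExchangeOnline has been run, uses the example connector name from step 5 and the IP addresses listed under "Sending IP" on this page, and assumes '*' as the sender domain because the connector is identified by IP address.

```powershell
# Added example. Name and IPs come from this page; '*' for SenderDomains is an assumption.
$connectorName = 'BullPhish ID'
$bullPhishIps = @('168.245.13.192', '34.237.252.20', '54.211.230.155', '18.233.13.154',
                  '3.18.16.105', '3.18.67.92', '3.17.244.221', '3.18.32.205')

$existing = Get-InboundConnector | Where-Object { $_.Name -eq $connectorName }
if (-not $existing) {
    # Partner connector, identified by sender IP, rejecting mail not sent over TLS.
    New-InboundConnector -Name $connectorName -ConnectorType Partner `
        -SenderDomains '*' -SenderIPAddresses $bullPhishIps -RequireTls $true
}
else {
    # Connector already exists: add any missing IPs and make sure TLS is still required.
    $missing = @($bullPhishIps | Where-Object { $existing.SenderIPAddresses -notcontains $_ })
    if ($missing.Count -gt 0 -or -not $existing.RequireTls) {
        $merged = @($existing.SenderIPAddresses) + $missing
        Set-InboundConnector -Identity $connectorName `
            -SenderIPAddresses $merged -RequireTls $true
    }
}

# Read back the settings that correspond to steps 6 and 7.
Get-InboundConnector -Identity $connectorName |
    Format-List Name, Enabled, ConnectorType, SenderDomains, SenderIPAddresses, RequireTls
```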
