How to Configure Whitelist in Microsoft
It is recommended to use DMI (Direct Message Injection) as the delivery method. To configure it, refer to the Instruction Manual link.
While DMI ensures that simulation emails reach users' inboxes correctly, campaign statistics are often distorted by false positives, such as false clicks on the link or, in the case of a Ransomware simulation, false attachment opens.
Therefore, we recommend configuring the two ATP (Advanced Threat Protection) rules, ATP Link and ATP Attachment, using the Header that identifies the SMARTFENSE instance used.
It is advisable to implement the rules by Header rather than by our IP addresses, because simulations do not always reach Microsoft from the IPs of our sending servers. Technologies such as AntiSpam may review emails once they have reached the inbox and resend them, so the emails do not arrive with our IPs.
To create the rules by Header, Microsoft allows around 100 characters, so you will need to shorten the default Header found in the SMARTFENSE platform.
Steps to shorten the Header in SMARTFENSE:
- Log in to your SMARTFENSE platform.
- In the Configuration > Security > Whitelist section, go to the "Phishing and Ransomware Email Header" section.
- Click the "Customize Header" button.
- Remove characters from the end until the Header is approximately 100 characters long. You can copy the Header into the Notepad program to remove the necessary characters.
- After modifying the header, paste it into the SMARTFENSE platform.
- Click on "Save" at the end of the section.
Rules for Skipping Advanced Threat Protection
This section shows how to proceed when using Advanced Threat Protection (ATP) in your email environment and receiving false clicks or false opens of attachments.
What you should do is configure mail flow rules to skip Safe Link/Attachment Processing from ATP for phishing and ransomware simulation emails from SMARTFENSE's IP addresses.
Note: We recommend waiting at least two hours for the rules to propagate to all your users. Additionally, we recommend testing the effectiveness of the rules with a small test group before launching phishing or ransomware simulation campaigns to all your users again.
Rule to Skip ATP Link
Here are the detailed steps to configure a mail flow rule to skip ATP Link Processing:
- Enter the following link: https://admin.exchange.microsoft.com/#/
- Go to Mail Flow > Rules.
- Click on (+) Add a rule > Create a new rule.
- Name the rule, such as "Skip ATP Links".
- In the Apply this rule if... condition, select The header of the message, then click on "Select one" and choose "includes any of these words".
- Click on "Enter text" to set the message header to this value: "X-PHISHINGSIMULATION" then "Save".
- In "Enter words", write/copy the header found in Settings > Security > Whitelist in the "Phishing and Ransomware Email Header" section within your SMARTFENSE platform. Click on "Add" and then "Save".
- Below in "Do the following", select Modify the message properties and in "Select one" choose "set a message header".
- Click on "Enter text" to set the message header to this value: "X-MS-Exchange-Organization-SkipSafeLinksProcessing" then "Save".
- Click on "Enter text" for the value and write "1", then "Save". The rule should now be set as:
- Click on "Next".
- In "Set rule settings", leave the values as default and click on "Next".
- In "Review and finish", leave the values as default and click on "Finish".
Rule to Omit ATP Attachment
Below are the detailed steps to configure a mail flow rule to omit ATP Attachment Processing:
- Click on (+) Add a rule > Create a new rule.
- Name the rule, such as "Omit ATP Attachments".
- In the condition Apply this rule if..., select Message headers, then click on "Select one" and choose "includes any of these words".
- Click on "Enter text" to set the message header to this value: "X-PHISHINGSIMULATION", then click "Save".
- In "Enter words", write/copy the header found in the Settings > Security > Whitelist section under "Phishing and Ransomware email header" in your SMARTFENSE platform. Click "Add" and then "Save".
- Under "Do the following", select Modify the message properties and in "Select one" choose "set a message header".
- Click on "Enter text" to set the message header to this value: "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing", then click "Save".
- In "value", click "Enter text" and write "1", then click "Save". The rule should look like this:
- Click on "Next".
- In "Set rule settings", leave the default values and click "Next".
- In "Review and finish", leave the default values and click "Finish".
Rule Priority
Once the rules are created, they must be enabled, assigned the priority below, and set to stop processing at the last rule, "Omit ATP Attachments".
This is done by editing each rule and going to "Edit rule settings".
Check the option to enable the rule.

Set the order from 0 to 1.

Once you have completed this setup, wait for the new rules to apply and propagate, then set up a test phishing simulation campaign for yourself or a small group of users to test your new whitelist rule.
Note: For best practices, we recommend leaving the other options at their default settings.
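The two rules and their priority can also be created from Exchange Online PowerShell. The script below is an added example, not part of SMARTFENSE's instructions or tooling; it assumes the ExchangeOnlineManagement module is installed, uses a placeholder for the header value from your platform, and reads "stop processing at the last rule" as enabling that option only on the second rule.

```powershell
# Added example: the two mail flow rules from this page, created with Exchange Online PowerShell.
# Assumes the ExchangeOnlineManagement module and an account allowed to manage transport rules.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Placeholder: paste the shortened header value from your SMARTFENSE platform here.
$HeaderValue = '<SHORTENED-SMARTFENSE-HEADER-VALUE>'
if ($HeaderValue -like '<*>') { throw 'Replace the placeholder with your SMARTFENSE header value.' }
if ($HeaderValue.Length -gt 100) { Write-Warning "Header value is $($HeaderValue.Length) characters; the page asks for about 100." }

# Rule name, header to stamp, priority, and whether rule processing stops after the rule.
$Rules = @(
    @{ Name = 'Skip ATP Links';       Set = 'X-MS-Exchange-Organization-SkipSafeLinksProcessing';      Priority = 0; Stop = $false },
    @{ Name = 'Omit ATP Attachments'; Set = 'X-MS-Exchange-Organization-SkipSafeAttachmentProcessing'; Priority = 1; Stop = $true }
)

foreach ($r in $Rules) {
    $params = @{
        HeaderContainsMessageHeader = 'X-PHISHINGSIMULATION'
        HeaderContainsWords         = $HeaderValue
        SetHeaderName               = $r.Set
        SetHeaderValue              = '1'
        Priority                    = $r.Priority
        StopRuleProcessing          = $r.Stop
    }
    if (Get-TransportRule -Identity $r.Name -ErrorAction SilentlyContinue) {
        Set-TransportRule -Identity $r.Name @params        # update an existing rule in place
        Enable-TransportRule -Identity $r.Name -Confirm:$false
    } else {
        New-TransportRule -Name $r.Name -Enabled $true @params
    }
}

# Review every rule that stamps a Safe Links / Safe Attachments skip header, to confirm
# that only the SMARTFENSE header condition grants the bypass.
Get-TransportRule |
    Where-Object { $_.SetHeaderName -like 'X-MS-Exchange-Organization-SkipSafe*Processing' } |
    Sort-Object Priority |
    Format-Table Name, State, Priority, StopRuleProcessing, HeaderContainsMessageHeader, HeaderContainsWords, SetHeaderName, SetHeaderValue -AutoSize
```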