This article is the entry point for the Whitelist process in Microsoft environments. It summarizes the three configurations that must be applied so phishing and ransomware simulations reach the inbox and the statistics are recorded correctly.
The Three Configurations to Apply
When your organization uses Microsoft technology on the mail server, you must complete three specific configurations before launching simulation campaigns.
1. Use of Direct Message Injection (DMI)
DMI ensures that simulations reach the inbox by injecting emails directly into the system, which reduces blocking by security mechanisms.
See the article Microsoft - How to Configure Sending Simulations via DMI (Direct Message Injection).
2. Implementation of Whitelist in ATP (Advanced Threat Protection)
ATP can generate false positives when analyzing links or attachments in simulations. The Whitelist in ATP prevents those automatic analyses from contaminating campaign statistics.
See the article Microsoft - How to Avoid ATP False Positives in Phishing and Ransomware Simulations.
3. Image Display and Open Tracking
SMARTFENSE emails include a transparent tracking pixel with a unique reference to the recipient user. When the mail client displays the message, it requests the pixel and the open is counted. If images are not loaded, the pixel is not requested and the open is not recorded, affecting the campaign’s open rate statistics.
See the article Microsoft - How to Enable Image Display in Outlook to Track Opens.
💡 Best Practices
- Implement DMI before starting simulation campaigns in Microsoft environments.
- Configure the Whitelist in ATP to avoid false positives on links and attachments.
- Verify correct image display to ensure open tracking.
- Test configurations with a small group of users before launching mass campaigns.