Skip to main content

Microsoft - How to Implement IP Whitelist in Office 365 (Exchange Online Protection)

  • Updated

This article explains how to whitelist SMARTFENSE servers in an Office 365 environment so that simulation emails bypass Microsoft Exchange Online Protection (EOP). It covers the three required configurations: advanced delivery, inbound connector, and Spoof Intelligence exception.

SMARTFENSE Data to Allow

SMARTFENSE IPs: 160.153.250.248, 190.210.135.44, 50.6.200.66, 52.16.33.192

SMARTFENSE Domains: livefense.com, smartfense.com, mail-takesecurity.com, palertbutton.com, phishalertbutton.com

The values listed here are those published at the time of the last review. To keep the source of truth updated, always check Settings > Security > Whitelist in your SMARTFENSE instance.

Prerequisites

  • Administrator access to the Microsoft 365 Defender portal (https://security.microsoft.com).
  • Access to the Exchange Admin Center (https://admin.exchange.microsoft.com/).
  • Permissions to create mail flow connectors and Spoof Intelligence rules.

Configure Delivery of Third-Party Phishing Simulations

  1. Log in to the Microsoft 365 Defender portal at https://security.microsoft.com.
  2. Go to Collaboration and Email > Rules and Policies > Threat Policies > Rules section > Advanced Delivery, or access directly at https://security.microsoft.com/advanceddelivery.
  3. In the Phishing Simulation section, click Add.
  4. Enter the SMARTFENSE IPs indicated at the beginning.
  5. Enter the SMARTFENSE domains indicated at the beginning.
  6. Confirm the rule.

Create the Connector for Receiving External Emails

A Microsoft security update requires creating a specific connector for receiving emails from SMARTFENSE.

  1. Access the Exchange Admin Center (https://admin.exchange.microsoft.com/) or the Microsoft 365 Defender portal.
  2. Go to Mail Flow > Connectors.
  3. Click + Add a connector.
  4. In Connection from, select Partner Organization.
  5. For Name, enter SMARTFENSE.
  6. Select the option By verifying that the sending server IP address matches one of the following IP addresses belonging to your partner organization.
  7. Add the SMARTFENSE IPs indicated at the beginning.
  8. Check the box Reject email messages if they are not sent over TLS.
  9. Review the settings and click Create connector.

Configure the Exception in Spoof Intelligence (EOP)

This rule prevents simulation emails from triggering spoofing alerts.

  1. Go to https://security.microsoft.com/tenantAllowBlockList?viewid=SpoofItem or navigate through Collaboration and Email > Rules and Policies > Threat Policies > Rules > Allowed and Blocked Lists > Spoofed Senders.
  2. Click Add.
  3. In Add new domain pairs, enter: *,livefense.com.
  4. In Spoof type, select External.
  5. In Action, select Allow.
  6. Click Add.

Validation

Propagation of the three configurations can take between 1 and 2 hours. After that time, run a test campaign with your own user or a small group before launching campaigns to the entire organization.

 

Next Steps

Once the steps in this article are completed, you need to continue with the following configuration to avoid false positives.

Microsoft - How to Configure Whitelist Rules in Office 365 When Simulations Come from Other IPs (by Header)

 

💡 Best Practices

  • Wait between 1 and 2 hours after configuring the three rules before launching the first test campaign.
  • Launch the first test with a small group that includes you as administrator.
  • Validate that the three rules (Advanced Delivery + Connector + Spoof Intelligence) are created and active before enabling mass campaigns.
  • Keep IPs and domains aligned with the official list published in Settings > Security > Whitelist of SMARTFENSE.
  • Document the configuration in the client’s internal inventory to facilitate future reviews.

Related to

Related articles