Skip to main content
Contact Us
My preferencesSign out
Proofpoint, Inc.

Microsoft Advanced Delivery for Phishing

  1. Last updated
  2. Save as PDF
Situation Configuring Microsoft's Advanced Delivery for Phishing 
Version Proofpoint Essentials Security Awareness 
Phishing
Microsoft 365
Summary Ensure Safelisting in Microsoft 365 has been completed properly
Configure using Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes

Question 

Why and how should Microsoft's Advanced Delivery for Phishing be setup to work with the Phishing tool?

Answer

In addition to the Exchange mail flow rules detailed in the article Safelisting in Microsoft 365, it is recommended that organizations also safe list within Microsoft's Advanced Delivery section of Microsoft Defender for Office 365. 

To learn more about this new feature, how to setup it up, and why it is recommended, please see the following Microsoft article:
Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes

TLDR (TL;DR) Instructions

  1. Go to https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation
  2. Click the Add
  3. Add the following details based on the campaign that is being sent. Make sure to click Enter after every entry
    • Sending Domain: This is the domain found in the Sender Email Address field in the phishing template
    • Sending IP:
  • If you have a security email gateway in front of Microsoft 365, add the IP(s) of your mail relay. Depending on your mail flow, most times the IP(s) of your mail relay can be found by looking at the organization's MX record (see [Microsoft Defender Advanced Delivery adding Security Email Gateway IPs for more details)
  • Add the two Phishing mail server (MTA) IPs.
US EU AP
107.23.16.222 
54.173.83.138		 52.17.45.98
52.16.190.81 		 13.55.65.8
13.55.54.143 
  • Phishing URLs to allow: This setting is NOT required for links in email phishing simulations. This setting to optionally identify links in non-email phishing simulations in Teams messages or in Office documents that shouldn't be treated as real threats at time of click.
  1. Click the Add

Template
clipboard_e49f7c2aeb7209659faf3c56a296ff106.png

Edit third party phishing simulations

clipboard_ec2fe2cf64bf9b59d3d090df04b4d1364.png

 

Note: Office 365/O365 was rebranded as Microsoft 365