Purpose
It's important to make sure that the test phishing emails don't get blocked by your email filters. You should set up a whitelisting rule to ensure the test emails get delivered to your team's inboxes. The following steps describe how to whitelist our phishing domain in Microsoft 365.
NOTE: The below instructions may vary depending on your Microsoft 365 licence tier.
Access the Phishing Simulation page
OPTION 1 - Shortcut
Go to the Phishing Simulation page in Microsoft 365.
Make sure you're logged in with a Microsoft 365 administrator account.
You can skip to the Add the Phishing Details section below.
OPTION 2 - Navigate
Log in to your Microsoft 365 Admin Center using an administrator account.
Click on the 9 dots in the top-left of the screen and select Security to open Microsoft Defender.
Select Email & collaboration in the left menu and then click Policies & Rules below.
Click Threat policies.
Select Advanced Delivery under the Rules heading.
Click on the Phishing simulation tab under the heading.
Add the Phishing Details
Select "Edit" or "Add" to open the sidebar and then paste in the following values:
Domain field = "signin-securely.com"
Sending IP (paste these individually) =
50.31.32.0/19
149.72.0.0/16
159.183.0.0/16
167.89.0.0/17
168.245.0.0/17
192.254.112.0/20
198.21.0.0/21
198.37.144.0/20
208.117.48.0/20
223.165.112.0/20
Hit Save.
Test Your Phishing Campaign
You should send a test phishing email to yourself from the Phishing feature in Apollo Secure and check that the phishing email has come through to your inbox successfully.
You are now ready to send a phishing campaign to your team!
If you have any questions, you can reach out to our support team with the blue help button at the bottom-right of our website and app.