When running phishing simulations, it’s common for Office 365 to block or flag test emails as potentially unsafe or malicious. This is because Office 365’s robust security measures are designed to detect and prevent phishing attempts, even if they are part of a controlled simulation. However, these warnings can disrupt your training process by preventing users from receiving and interacting with the test emails as intended. To avoid this and ensure that phishing simulation emails are delivered successfully to your users' inboxes without interference, you can add the simulation domain to the allowlist. This ensures the emails bypass certain security filters while maintaining the integrity of your organization’s broader security measures.

Note: These steps are only applicable for users with administrative access to the Exchange Server 2019 environment. If you are not an admin, please contact your IT administrator to perform these steps.

Step 1: Access the Exchange Admin Center (EAC)

  1. Log in to the Exchange Admin Center (EAC) using your admin credentials.

    • The URL typically looks like this: https://<YourServerName>/ecp.
    • Replace <YourServerName> with your server's actual hostname or IP address.

  2. In the EAC, navigate to Protection in the left-hand menu.

Step 2: Configure the Connection Filter Policy

  1. Under Protection, select Connection Filter.
  2. Locate the default connection filter policy (or create a new one if needed).
  3. Click the pencil icon (✏️) to edit the policy.

Step 3: Add the IP Address to the Allow List

  1. In the connection filter policy settings, go to the IP Allow List section.
  2. Click + Add and enter the IP address you want to whitelist (e.g., 109.169.81.206).
  3. If you need to whitelist multiple IP addresses, add them one by one.
  4. Click Save to apply the changes.

Step 4: Restart the Transport Service (Optional)

Sometimes, the changes may require a restart of the Exchange Transport service to take immediate effect.

  1. Open PowerShell on the Exchange Server.
  2. Run the following command to restart the transport service: