Skip to main content

Allowlisting - Use M365 Defender to allow a Phishing Simulation

To ensure CanIPhishGrintOps can effectively simulate phishing campaigns, you will need to allowlist our emails. We highly recommend this method for allowlisting as it's been explicitly created by Microsoft for the purpose of conducting phishing simulations.

Note: If you find that website links are being re-written and lead to a "suspicious website" page after allowlisting, your organisation may need to add additional attachment and URL exemptions. To enable these exemptions please see our support article: Allowlisting - Bypass Safe Link/Attachment Processing of M365 Advanced Threat Protection (ATP)

Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy

Note: Prefer to use PowerShell? Use our prepared script

1. Login to Microsoft 365 Defender at the following link to go straight to the Phishing Simulation allowlisting form: https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation

mceclip0.png

Note: This form can also be accessed by going to https://security.microsoft.com/ and clicking through Email & Collaboration > Policies & Rules > Threat Policies > Advanced Delivery > Phishing Simulation

2. Click Edit icon. Edit or If there are no configured phishing simulations, click Add.

3. On the Edit third-party phishing simulation flyout that opens, configure the following settings:

Sending Domain: 

alerting-services.com

authwebmail.com

cloud-notification-services.com

securesupportcloud.com

office-365-notifications.com

webnotifications.net

paypaypal.net

cmail31.com

authenticationsecure.com

verificationweb.net

onlineverify.net

portal-login.net

email-forwarder.net

learn.caniphish.grintops.com (Optional)
caniphish.
grintops.com (Optional)

Important Note: If you've white-labeled CanIPhish,GrintOps , replace caniphish.grintops.com and learn.caniphish.grintops.com with your white-labeled domains (e.g. phish.mybusiness.com and learn.phish.mybusiness.com).

Sending IP: 

3.106.21.22
13.237.47.221

Simulation URLs to allow: 

authwebmail.com/*
*.authwebmail.com/*
cmail31.com/*
*.cmail31.com/*
securesupportcloud.com/*
*.securesupportcloud.com/*
webnotifications.net/*
*.webnotifications.net/*
alerting-services.com/*
*.alerting-services.com/*

Note: All the above domains and IP addresses are under the sole control of CanIPhish.GrintOps. As such we can ensure that no unintended emails will originate from these IPs and domains after allowlisting occurs.

 

4. When you're finished, click Add/Save and then click Close.

Note: Allowlisting may take up to an hour to take effect.

 

All done! Allowlisting can be tricky... should you have any difficulties, please don't hesitate to contact us.

 

Troubleshooting: If you run into issues with emails continuing to go to spam/quarantine folders. You may have Microsoft Advanced Threat Protection (ATP) enabled which may require additional allowlisting. Please see our guide here to Bypass Safe Link/Attachment Processing of M365 ATP.

If issues still continue, try out our Microsoft 365 Direct Email Injection integration which bypasses the need for allowlisting.

 

PowerShell Allowlisting Script

Want to automate the deployment of CanIPhishGrintOps allowlisting? Use our prepared PowerShell script below.

Step 1. Ensure Exchange Online V3 For Powershell Is Installed

Install-Module -Name ExchangeOnlineManagement -Force

Step 2. Connect Exchange Online For Powershell To Your Microsoft 365 Tenant

Note: Please replace the value YOUR-ADMIN-EMAIL with the M365 administrator email that you wish to sign in with.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline `
-UserPrincipalName YOUR-ADMIN-EMAIL `
-ShowProgress:$false `
-LoadCmdletHelp # optional: if you want Get-Help for EXO cmdlets

Step 3. Create The Phishing Simulation Allowlist Policies And Configurations

Note: If you've white-labelled CanIPhish,GrintOps , make sure to replace the caniphish.grintops.com and learn.caniphish.grintops.com domains with your white-labelled domains.

# 1. Create the override policy

New-PhishSimOverridePolicy -Name PhishSimOverridePolicy



# 2. Confirm it’s there

Get-PhishSimOverridePolicy



# 3. Create the override rule pointing to the allowlisted domains & IPs

New-ExoPhishSimOverrideRule `

-Name PhishSimOverrideRule `

-Policy PhishSimOverridePolicy `

-Domains alerting-services.com,authwebmail.com,cloud-notification-services.com,securesupportcloud.com,office-365-notifications.com,webnotifications.net,paypaypal.net,cmail31.com,authenticationsecure.com,verificationweb.net,onlineverify.net,portal-login.net,email-forwarder.net,caniphish.grintops.com,learn.caniphish.grintops.com `

-SenderIpRanges 3.106.21.22,13.237.47.221



# 4. Allowlist the phishing website URLs in Defender’s tenant allow/block list

New-TenantAllowBlockListItems `

-Allow `

-ListType Url `

-ListSubType AdvancedDelivery `

-Entries authwebmail.com/*,*.authwebmail.com/*,cmail31.com/*,*.cmail31.com/*,securesupportcloud.com/*,*.securesupportcloud.com/*,webnotifications.net/*,*.webnotifications.net/*,alerting-services.com/*,*.alerting-services.com/* `

-NoExpiration



# 5. Verify your rule

Get-ExoPhishSimOverrideRule
Back to top