Instructions for Whitelisting IRONSCALES On Office 365

by | Aug 28, 2019 | Guides

Whitelisiting IRONSCALES on Office 365 to allow you to send simulated phishing campaigns is a two stage process. 

Stage One

1. Sign into Office 365: Go to https://portal.office.com and sign in. 

2. Click on admin from your list of apps. 

3. In the left-hand column, click on the Admin Centre icon, then click Exchange to open the Exchange Admin Center. 

 

4. Click on Protection from the left-hand menu. 

5. Click on Spam Filter

6. Double-click on Default

7. In the pop-up window, click on Allow Lists. 

8. Under Allowed Sender or Allowed Domain, click the + to add a new email address. Be careful about allowing whole domains, as entering popular domains here like gmail.com can allow malicious actors to bypass your email filtering.

9. In the window that pops up, add the address you’d like to let through. 

Some of the campagin scenarios launched by our system direct users to custom domains that have been registered for training purposes. Ensure that these domains are not blocked, and that they are whitelisted on your proxy/gateway servers:

ironscales.com

banksupports.com

ebuy-service.com

ipurchase.net

it-notif.com

notif-mail.com

notif-system.com

o365supports.com

onlinepurchases.info

phishopedia.com

postofficeweb.com

printers-scan.com

purchases.online

university-notif.com

yourfaxweb.com

10. Click OK.

11. Click Save.

Stage Two

1. Click on Mail Flow 

2. Click on Rules

3. Create a new rule. 

4. Click on more options. 

5. Name the rule: IRONSCHOOLS TRAINING

6. Apply this rule if: The senders IP is in the range 52.24.201.102 or 52.25.139.218

7. Set a priority (this depends on other rules setup

8. Click Save

The rule should look like this: 

 

For any further assistance, please do not hesitate to get in touch with Jura Security at https://www.jurasecurity.com/contact/ 

Related Articles
How To Set Up Your Free Phish Test
How To Set Up Your Free Phish Test

Jura Security’s Free Phishing Test helps you to test your employees’ security effectiveness by sending them simulated phishing emails. Phishing attacks delivered by email work by tricking users into believing an email is genuine. They convince users to...

Read More