Microsoft Office 365 Defender Basic/Advanced

This article will cover how to whitelist Curricula’s training email and phishing simulator email servers in Microsoft 365 Defender.

Step 1. Basic Whitelist

Sign in to Microsoft 365 Defender portal

1. Scroll down and select Email & collaboration
2. Select Policies & rules
3. Select Threat policies in the list

  4.  Under Policies, Select Anti-spam

  5.  Select Anti-spam inbound policy (Default)

  6.  Scroll down to Allowed And Blocked Senders and domains to Select Edit allowed and blocked senders and domains in the fly-out

  7.  In the fly-out under Allowed, select Allowed domains

  8.  Click the Add Domains + button to add the following domains one at a time and press Enter/Return to add them to the list.

• mycurricula.com
• alerts.mycurricula.com
• phish.mycurricula.com
• securitynotifications.org
• security-updater.com
• amazonsecurity.org
• breach-notice.com
• filesharingnow.com
• mailbox-quota.com
• passwordsnotification.com
• securelinkedin.com
• fraud-assistance.com
• payment-process.com
• news-article.com
• invite-meeting.com
• feedback-collect.com
• businessnotice.org
• databoxonline.com
• electronic-hr.com
• emailtransaction.com
• employee-services.org
• governmentnotice.org
• notificationservices.org

  9.  When finished select the Add domains button

  10.  Select Done

  11.  Click Save

You have now completed Basic whitelisting of Curricula’s domains. To whitelist our Phishing Simulation Servers and Domains follow Step 2 to bypass Microsofts Advanced Filtering that is not bypassed in Step 1. This includes :

• Content Filtering
• High confidence spam
• High confidence phishing email

 

Step 2. Advanced Phishing Simulator Whitelist

Sign in to Microsoft 365 Defender portal

1. Scroll down and select Email & collaboration
2. Select Policies & rules
3. Select Threat policies in the list

 

  4.  Scroll down to the Rules section and select Advanced delivery

 

   5.   Select Phishing simulation tab, then select Edit

    6.  Under Sending Domain add the following Curricula Domains and Phishing Domains (one at a time then press Enter/Return to confirm the domain)

• securitynotifications.org
• security-updater.com
• amazonsecurity.org
• breach-notice.com
• filesharingnow.com
• mailbox-quota.com
• passwordsnotification.com
• securelinkedin.com
• fraud-assistance.com
• payment-process.com
• news-article.com
• invite-meeting.com
• feedback-collect.com
• businessnotice.org
• databoxonline.com
• electronic-hr.com
• emailtransaction.com
• employee-services.org
• governmentnotice.org
• notificationservices.org

 7.  Under Sending IP add the following Curricula IP’s

• 18.205.140.116 (Phishing Server)
• 168.245.36.66 (Training Server)

 8.   When finished select Save.

 

Now that you are finished whitelisting for your Microsoft 365 account, we recommend a Delivery test via Settings > Phishing > Deliverability test in Curricula. Then send an assignment notification and/or phishing campaign to yourself or a small group of employees to verify the whitelisting was successful before launching Curricula to your staff.

*If you have any messages that get placed in users junk email folders, add all Curricula Phishing domain's to the allowed list described in Step 1. 

If these steps don’t resolve the issue, let us know by submitting a ticket to our support team.

You can contact us anytime by submitting a support request using the link below:

https://support.curricula.com/kb-tickets/new