Team: SAT
Environment: Microsoft Active Threat Protection (ATP)
Summary: Deliverability of phishing emails requires Microsoft ATP or Safelink allow list settings to be put in place. Without these, phishing emails may be recorded inaccurately, or will not send at all.
In order to ensure the Huntress SAT phishing emails are properly delivered, and your reporting is accurate, it may be necessary to create a mail flow rule to ensure the emails are allow listed by Microsoft's ATP. This will also make sure that phishing emails are not opened/clicked prior to their delivery.
- Create a new mail flow rule in your Exchange/Office Admin center
- Give the rule a name such as "Bypass ATP Links".
- Click More options....
- From the Apply this rule if… drop-down menu, select The sender, then select IP address is in any of these ranges or exactly matches.
- Enter our IP addresses:
  - 18.205.140.116 (Phishing Server)
  - 168.245.36.66 (Training Server)
- From the Do the following… drop-down menu, select Modify the message properties... and then set a message header.
- Click the first *Enter text... link and set the message header to: X-MS-Exchange-Organization-SkipSafeLinksProcessing
- Click the second *Enter text... link and set the value to: 1
- Click Save.
- Click the first *Enter text... link and set the message header to:
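
The mail flow rule described in the steps above can also be created and checked from Exchange Online PowerShell. This is an added example, not part of the original article or Huntress's own tooling; it assumes the ExchangeOnlineManagement module is installed and reuses the rule name, IP addresses and header given on this page.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an account
# that is allowed to manage mail flow (transport) rules.
Connect-ExchangeOnline

$ruleName    = 'Bypass ATP Links'                        # name suggested in the steps above
$senderIps   = '18.205.140.116', '168.245.36.66'         # Phishing and Training servers (from this page)
$headerName  = 'X-MS-Exchange-Organization-SkipSafeLinksProcessing'
$headerValue = '1'

# Condition (sender IP) and action (set header) shared by create and update.
$ruleSettings = @{
    SenderIpRanges = $senderIps
    SetHeaderName  = $headerName
    SetHeaderValue = $headerValue
}

# Create the rule, or bring an existing rule of the same name back to these settings.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if ($existing) {
    Set-TransportRule -Identity $ruleName @ruleSettings
} else {
    New-TransportRule -Name $ruleName @ruleSettings
}

# Confirm what was saved.
$rule = Get-TransportRule -Identity $ruleName
$rule | Format-List Name, State, SenderIpRanges, SetHeaderName, SetHeaderValue

# The bypass should apply to the two listed addresses only. Warn if the saved
# rule covers anything else (for example a range added later by hand).
$unexpected = $rule.SenderIpRanges | ForEach-Object { "$_" } |
    Where-Object { $_ -notin $senderIps }
if ($unexpected) {
    Write-Warning "Rule '$ruleName' also matches: $($unexpected -join ', ')"
}

# List every rule that sets the Safe Links skip header, so any bypass other
# than this one can be reviewed.
Get-TransportRule |
    Where-Object { $_.SetHeaderName -eq $headerName } |
    Select-Object Name, State, SenderIpRanges
```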