Microsoft Defender for Office 365: Auto Allow of Third-Party Phish Simulation URLs in Email Message Body

Originally posted by Microsoft Apr 26, 2023 Uncategorized 0 Comments

We’re enabling automatic allow of URLs present in the email message body for third-party phishing simulation campaigns. With this update, security admins no longer need to configure the “Simulation URLs to allow” field in the advanced delivery policy as previously required to ensure URLs are not blocked at time of click. These URLs will now be automatically allowed as part of the phishing simulation allow on the email message (based on configured sending domain and sending IP in the advanced delivery policy)

This message is associated with Microsoft 365 Roadmap ID 124820

When this will happen:

We will begin rolling out in late May and expect to complete rollout by late June.

How this will affect your organization:

The update to the advanced delivery policy enables durable, simplified configurations for customers to safely run third-party phishing simulation campaigns with Defender for Office 365. As long as the domain (P1 sending or DKIM) and sending IP are configured in the advanced delivery policy, URLs present in the phishing simulation email message body will now be automatically allowed.

Note: This update will be enabled for email-based third-party phishing simulation campaigns only. The “Simulation URLs to allow” field is still available in the advanced delivery policy for non-email phishing simulation use cases such as time of click allows needed for Teams or Office applications.

What you need to do to prepare:

No action is required.

Learn more about how to the configure advanced delivery policy: Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes.

Message ID: MC545900