All Collections
Phishing
How to whitelist a domain in Microsoft 365 for a Defense.com phishing campaign
How to whitelist a domain in Microsoft 365 for a Defense.com phishing campaign

In this guide I'll explain how to whitelist the domain for a phishing campaign in Microsoft 365.

Alan Butcher avatar
Written by Alan Butcher
Updated over a week ago

To whitelist a domain, you'll need to modify your inbound spam policy.

  1. Sign in to your Microsoft 365 Defender portal

  2. Click on Policies & rules in the left-hand menu

  3. Choose Threat policies

  4. Select Anti-spam inbound policy (Default).

  5. Scroll down and click on Edit allowed and blocked senders and domains.

  6. Click on Allow domains.

  7. Add the domain that you want to allow (whitelist).

    Please note: The domain is provided when selecting the template during the set up of the phishing campaign.

  8. Click Add domains

    .

  9. Click on Save

    That's it 🎉 You've successfully added the domain to the spam filter allow list. From now on, all emails sent via this particular Defense.com phishing domain will not be marked as spam.

    Note: Each phishing campaign uses a separate domain, so you’ll need to make sure you have added them to your whitelist before you send any future campaigns.

Did this answer your question?