Creating Bypass policy at Microsoft 365 (formerly ATP whitelisting)

Creating Bypass policy at Microsoft 365 (formerly ATP whitelisting)

Comprehensive Whitelisting in Microsoft Defender for Office 365

  1. Safe Links Whitelisting:

    • Access Microsoft 365 Defender Portal:
    • Navigate to Safe Links:
      • Go to Policies & rules > Threat policies > Safe Links.
    • Edit Safe Links Policy:
      • Select the policy you want to modify and click on Edit policy.
      • Do not rewrite URLs:
        • In the policy settings, find the section for Do not rewrite the following URLs.
        • Click + Add and enter the URLs you want to whitelist.
        • Save the changes.
  2. Safe Attachments Whitelisting:

    • Navigate to Safe Attachments:
      • Go to Policies & rules > Threat policies > Safe Attachments.
    • Edit Safe Attachments Policy:
      • Select the policy you want to modify and click on Edit policy.
      • Enable Bypass:
        • In the policy settings, find the section for Bypass.
        • Click + Add and enter the email addresses, domains, or IP addresses you want to whitelist.
        • Save the changes.
  3. Anti-Spam Policy Whitelisting:

    • Navigate to Anti-Spam Policies:
      • Go to Policies & rules > Threat policies > Anti-spam.
    • Edit Anti-Spam Policy:
      • Select the policy you want to modify and click on Edit policy.
      • Allowed Domains and Addresses:
        • In the anti-spam policy settings, find Allowed domains and addresses.
        • Click + Add and enter the domains or email addresses you want to whitelist.
        • Save the changes.
  4. Connection Filter Policy Whitelisting:

    • Navigate to Connection Filter Policies:
      • Go to Policies & rules > Threat policies > Connection filter policy.
    • Edit Connection Filter Policy:
      • Click on the Default policy (or create a new policy if preferred).
      • IP Allow List:
        • In the Connection filtering settings, find IP Allow list.
        • Click + Add to add the IP address you want to whitelist.
        • Save the changes.

    • Related Articles

    • Microsoft 365 ATP (Advanced Threat Protection) Whitelisting

      In case you are using Microsoft O365 Advanced Threat within your mail environment, there is a possibility that you might experience false clicks and email attachment opens. In order for ThreatCop’s email to function properly, additional rules to ...
    • What is DMI Injection and How to implement it?

      The Direct Message Injection (DMI) feature eliminates the need to whitelist simulated phishing emails. DMI bypasses email filtering rules and places emails into your users’ inboxes. This feature works by creating a secure link between your TSAT ...
    • Creating a Phishing Simulation Rule in the O365 Admin Center

      In order to whitelist Threatcop into your O365 environment you need to follow the below mentioned steps: Go to https://www.microsoft365.com/ Locate the square with dots positioned at the upper-left corner. Proceed to access the Security section ...
    • Implementing Hash-Based Whitelisting for Ransomware simulation

      We can have hash-based whitelisting to allow specific executable files to be downloaded and executed. This method ensures that only files with specified hash values are permitted, providing a more granular control over which executables can run. ...
    • How will I know my whitelisting has been done correctly?

      You can verify the status of your whitelisting by initiating a test campaign. Once the email lands in your inbox, it indicates that your whitelisting has been done correctly.