Creating Bypass policy at Microsoft 365 (formerly ATP whitelisting)

Creating Bypass policy at Microsoft 365 (formerly ATP whitelisting)

Comprehensive Whitelisting in Microsoft Defender for Office 365

  1. Safe Links Whitelisting:

    • Access Microsoft 365 Defender Portal:
    • Navigate to Safe Links:
      • Go to Policies & rules > Threat policies > Safe Links.
    • Edit Safe Links Policy:
      • Select the policy you want to modify and click on Edit policy.
      • Do not rewrite URLs:
        • In the policy settings, find the section for Do not rewrite the following URLs.
        • Click + Add and enter the URLs you want to whitelist.
        • Save the changes.

  2. Safe Attachments Whitelisting:

    • Navigate to Safe Attachments:
      • Go to Policies & rules > Threat policies > Safe Attachments.
    • Edit Safe Attachments Policy:
      • Select the policy you want to modify and click on Edit policy.
      • Enable Bypass:
        • In the policy settings, find the section for Bypass.
        • Click + Add and enter the email addresses, domains, or IP addresses you want to whitelist.
        • Save the changes.

  3. Anti-Spam Policy Whitelisting:

    • Navigate to Anti-Spam Policies:
      • Go to Policies & rules > Threat policies > Anti-spam.
    • Edit Anti-Spam Policy:
      • Select the policy you want to modify and click on Edit policy.
      • Allowed Domains and Addresses:
        • In the anti-spam policy settings, find Allowed domains and addresses.
        • Click + Add and enter the domains or email addresses you want to whitelist.
        • Save the changes.

  4. Connection Filter Policy Whitelisting:

    • Navigate to Connection Filter Policies:
      • Go to Policies & rules > Threat policies > Connection filter policy.
    • Edit Connection Filter Policy:
      • Click on the Default policy (or create a new policy if preferred).
      • IP Allow List:
        • In the Connection filtering settings, find IP Allow list.
        • Click + Add to add the IP address you want to whitelist.
        • Save the changes.

    • Related Articles

    • Microsoft 365 ATP (Advanced Threat Protection) Whitelisting

      In case you are using Microsoft O365 Advanced Threat within your mail environment, there is a possibility that you might experience false clicks and email attachment opens. In order for ThreatCop’s email to function properly, additional rules to ...

    • Creating a Phishing Simulation Rule in the O365 Admin Center

      In order to whitelist Threatcop into your O365 environment you need to follow the below mentioned steps: Go to https://www.microsoft365.com/ Locate the square with dots positioned at the upper-left corner. Proceed to access the Security section ...

    • Implementing Hash-Based Whitelisting for Ransomware simulation

      We can have hash-based whitelisting to allow specific executable files to be downloaded and executed. This method ensures that only files with specified hash values are permitted, providing a more granular control over which executables can run. ...

    • How will I know my whitelisting has been done correctly?

      You can verify the status of your whitelisting by initiating a test campaign. Once the email lands in your inbox, it indicates that your whitelisting has been done correctly. 

    • Things to keep in mind before creating a Campaign Template

      Before going to the Dashboard to create a Campaign Template you first need to keep a few things in mind: 1) The Category of your Campaign Template We provide various categories to create campaigns under. If you want to create a campaign related to ...