Simulations triggered without human interaction is usually due to some kind of security software that inspects links before the user is allowed to visit the site (most likely the Microsoft Defender URL scanning). It is important that you configure the whitelisting of the simulations correctly so that they are not triggered by any automatic function. If you use Office 365 / Exchange online - the standard Nimblr Whitelist guide will ensure that:
- Filters in EOP and Microsoft Defender for Office 365 take no action on the Nimblr simulations.
- Admin submissions generate an automatic response saying that the message is part of a phishing simulation campaign and isn't a real threat. Alerts and AIR will not be triggered. The admin submissions experience will show the Nimblr simulations as a simulated threat.
- When a user reports a phishing simulation message using the built-in Report button in Outlook on the web or the Microsoft Report Message or Report Phishing add-ins, the system will not generate an alert, investigation, or incident. The links or files will not be detonated, but the message will appear on the User reported tab of the Submissions page.
- Safe Links in Defender for Office 365 doesn't block or detonate the specifically identified URLs in the Nimblr simulations at time of click. URLs are still wrapped, but they aren't blocked.
- Safe Attachments in Defender for Office 365 doesn't detonate attachments in the Nimblr simulations.
- Zero-hour Purge (ZAP) for spam and phishing take no action on the Nimblr simulations.
- Default system alerts aren't triggered for these scenarios.
- AIR and clustering in Defender for Office 365 ignores the Nimblr simulations.
The Microsoft Advanced Delivery settings for 3rd party Phishing simulations have been included in the Nimblr whitelist guide since November 2021, but not until recently (september 2023) Microsoft started to ignore the old methods of whitelisting