Whitelist Simulations in Exchange Online

This guide describes how to whitelist Nimblr simulated attacks in Microsoft Exchange Online.

 

Whitelist Connection Filter

1. Start by opening the Anti-Spam settings in the Microsoft 365 Defender portal at https://security.microsoft.com/antispam

 

2. Click Connection filter policy (Default) and then click Edit policy connection filter policy (click the text “Edit policy connection filter policy” - not its checkbox).

exchangeonline_sim1

 

3. Add the following IP addresses one at a time (so that they appear in gray boxes like in the picture below) and then click Save and Close.

  • 78.47.225.98
  • 116.203.167.208
  • 95.216.176.28
exchangeonline_sim2

Microsoft Advanced Delivery Policy

To keep your organization secure by default, Exchange Online Protection (EOP) does not allow safe lists or filtering bypass for messages that are identified as “high confidence phishing”. To override this, the Advanced Delivery policy must be configured to allow delivery of third-party phishing simulations to users.

 

1.  Go to the Microsoft 365 Defender Advanced delivery page: https://security.microsoft.com/advanceddelivery

 

2.  Click Phishing Simulations and then click Add

exchangeonline_sim3

3. On the Third-party phishing simulation flyout that opens, configure the following settings:

  • Sending domain: nimblr.net, sasender.net and awrns.net
  • Sending IP: 78.47.225.98, 116.203.167.208, 95.216.176.28
  • Simulation URLs to allow: 135461223.site/*, 953611493.site/*, 1491321218.site/*, nimblr.net/* and awrns.net/*

exchangeonline_sim4

When you're finished, click Save. The Nimblr phishing simulation entries that you configured are now displayed on the Phishing simulation tab. Click Close.

To avoid the built-in warning notifications in Outlook, you may consider configuring the Tenant Allow list for Spoofed Senders.

 

Additional information on how to configure the Advanced Delivery Policy and delivery of third-party phishing simulations can be found here:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-advanced-delivery?

 

Third-party filters: If your domain's MX record doesn't point to Office 365 (messages are routed somewhere else first), secure by default is not available. If you'd like to add protection, you'll need to enable Enhanced Filtering for Connectors (also known as skip listing). For more information, see Manage mail flow using a third-party cloud service with Exchange Online. If you don't want Enhanced Filtering for Connectors, use mail flow rules (also known as transport rules) to bypass Microsoft filtering for messages that have already been evaluated by third-party filtering. For more information, see Use mail flow rules to set the SCL in messages.

 

Banners and disclaimers: If you are utilizing additional functionalities such as mail flow rules or third-party software to append disclaimers or banners to external emails, you may need to create exceptions for Nimblr simulations. This will help prevent these simulations from being marked as external or receiving warning notifications.

Verify Whitelist configuration

Send a test simulation to verify that your whitelist configurations are functional. Log in to your Nimblr portal at https://nimblr.net and navigate to Settings > Delivery test. Send a test simulation to a by clicking Send Email.

exchangeonline_sim5
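
The portal settings above can also be checked from PowerShell before sending the delivery test. The following is an added example, not part of the original Nimblr guide: it compares the live configuration with the values listed in this guide and reports entries that are missing or that go beyond them. It assumes a session already connected to the tenant with the ExchangeOnlineManagement module and able to run all three Get- cmdlets, and that they return the properties IPAllowList, Domains, SenderIpRanges and Value; Compare-AllowList is a hypothetical helper name.

```powershell
# Expected values, copied from the steps in this guide.
$expectedIps     = '78.47.225.98', '116.203.167.208', '95.216.176.28'
$expectedDomains = 'nimblr.net', 'sasender.net', 'awrns.net'
$expectedUrls    = '135461223.site/*', '953611493.site/*', '1491321218.site/*',
                   'nimblr.net/*', 'awrns.net/*'

function Compare-AllowList {
    # Hypothetical helper: emits one row per missing or extra entry.
    param([string]$Setting, [string[]]$Expected, [object[]]$Actual)
    # Normalise to trimmed strings; a single address may come back as a /32 range.
    $act = @($Actual | Where-Object { $_ } |
             ForEach-Object { "$_".Trim() -replace '/32$', '' })
    foreach ($e in $Expected) {
        if ($e -notin $act) {
            [pscustomobject]@{ Setting = $Setting; Entry = $e; Finding = 'Missing' }
        }
    }
    foreach ($a in $act) {
        if ($a -notin $Expected) {
            # Each extra entry also bypasses filtering, so it needs an owner.
            [pscustomobject]@{ Setting = $Setting; Entry = $a; Finding = 'Extra, review' }
        }
    }
}

# Read the live configuration (read-only cmdlets).
$conn = Get-HostedConnectionFilterPolicy -Identity Default
$rule = Get-ExoPhishSimOverrideRule
$urls = Get-TenantAllowBlockListItems -ListType Url -ListSubType AdvancedDelivery

$findings = @(
    Compare-AllowList 'Connection filter IP allow list' $expectedIps $conn.IPAllowList
    Compare-AllowList 'Simulation sending domains' $expectedDomains $rule.Domains
    Compare-AllowList 'Simulation sending IPs' $expectedIps $rule.SenderIpRanges
    Compare-AllowList 'Simulation URLs' $expectedUrls $urls.Value
)

if ($findings.Count -eq 0) {
    'All allow-list entries match the values in this guide.'
} else {
    $findings | Format-Table -AutoSize
}
```

Rows marked "Extra, review" are not necessarily errors, since the connection filter may hold other addresses your organization allows on purpose, but each one is a filtering bypass that should be known and justified.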