    Section 1: Configuring your Microsoft 365 Defender

    Log in to your Microsoft 365 Defender portal.

    Go to Email & Collaboration -> Policies & Rules -> Threat policies -> Advanced Delivery -> Phishing Simulation -> Add.

    On the Edit third-party phishing simulation flyout that opens, enter domains, sending IPs, and simulation URLs for our product. To find these details, please log in to HookPhish and click the chat widget at the lower-right corner. Then click Allow List, and open Add HookPhish to your Exchange / Microsoft 365 Allow List. Note that our simulation URLs will change over time, so please check the list before you launch a campaign.

    Note: For more information on Microsoft 365 Defender settings, please visit this link.

    Note: If you are still unable to receive the phishing campaign after configuring Section 1 – Microsoft 365 Defender, proceed to Sections 2–4.

    Section 2: Setting up your IP allow list

    Log in to your Microsoft 365 Defender admin portal.

    Select Connection-filter policy (Default).

    Click Edit connection filter policy.

    Allow messages from the following IP addresses or address range:

    Sender Email Domain:

    • microsoftemaillogin.com
    • email-id-login.com
    • forget-password.com
    • account-varify.com

    Server IPs:

    • 164.92.152.162

    Section 3: Bypassing your Clutter Folder and Spam Filter

    To ensure our messages will bypass your Clutter folder as well as spam filtering within Microsoft’s EOP, you can follow the steps below:

    1. Go to Admin -> Exchange Admin Center -> Mail Flow -> Rules.
    2. Click the (+) and select Bypass Spam Filtering.
    3. Give the rule a name, such as Bypass Clutter & Spam Filtering by IP Address.
    4. Click on More options.
    5. Add the condition Apply this rule if….
    6. Select The sender, then click on More options and select IP address is in any of these ranges or exactly matches.
    7. Specify the following IP address, then click OK:
    • 164.92.152.162

    Beneath Do the following, click Modify the message properties then Set a Message Header.

    Set the message header X-MS-Exchange-Organization-BypassClutter to the value true.

    Note: Both X-MS-Exchange-Organization-BypassClutter and true are case-sensitive.

    Add an additional action beneath Do the following to Modify the message properties. Here, click on Set the spam confidence level (SCL) to… and select Bypass Spam Filtering.

    Click Save.

    Section 4: Bypassing your Junk Folder for Office 365 Mail Servers

    This rule lets only our simulated phishing emails bypass the Junk folder, so that your recipients receive them in their inboxes.

    1. Go to Admin -> Exchange Admin Center -> Mail Flow -> Rules.
    2. Click the (+) Create New Rule button beneath Mail Flow -> Rules.
    3. Click More Options.
    4. Give the rule a name, such as HookPhish – Skip Junk Filtering.
    5. Click on More options.
    6. Add the condition Apply this rule if….
    7. Select A message header -> includes any of these words.
    8. On the right side of that rule, you will see Enter text and Enter words….
    9. Click Enter text and type in the header X-HookPhishCustom, then click Enter words… and paste the customized mail header value from the HookPhish portal. Click the big + sign.

    In the HookPhish portal, go to Settings -> Company details and copy the contents of the Key and Value fields.

    Beneath Do the following, click Modify the message properties then Set a Message Header.

    Set the message header X-Forefront-Antispam-Report to the value SFV.

    Add an additional action beneath Do the following to Modify the message properties. Here, click on Set the spam confidence level (SCL) to… and select Bypass Spam Filtering.

    Click Save.
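
As an added example (not HookPhish's or Microsoft's own code), the following Python check shows one way to confirm that a message carrying the X-HookPhishCustom header from Section 4 really arrived from the server IP and sender domains listed in Section 2. It assumes the connecting IP can be read from the client-ip= field of a Received-SPF header; the function names, the sample message builder and the header value used with it are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Values taken from Sections 2-4 of this article.
ALLOWED_IPS = {ipaddress.ip_address("164.92.152.162")}
ALLOWED_DOMAINS = {"microsoftemaillogin.com", "email-id-login.com",
                   "forget-password.com", "account-varify.com"}
SIM_HEADER = "X-HookPhishCustom"
# Assumption: the receiving service stamps a Received-SPF header whose
# client-ip= field holds the connecting IP address.
CLIENT_IP_RE = re.compile(r"client-ip=([0-9a-fA-F.:]+)")


def classify(raw_message: str, expected_value: str) -> str:
    """Return 'not-simulation', 'ok', or 'suspicious: <reason>'."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    marker = msg.get(SIM_HEADER)
    if marker is None:
        return "not-simulation"
    if str(marker).strip() != expected_value:
        return "suspicious: header value mismatch"
    match = CLIENT_IP_RE.search(str(msg.get("Received-SPF", "")))
    if not match:
        return "suspicious: no client-ip to verify"
    try:
        client_ip = ipaddress.ip_address(match.group(1))
    except ValueError:
        return "suspicious: unparseable client-ip"
    if client_ip not in ALLOWED_IPS:
        return f"suspicious: sent from {client_ip}"
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain not in ALLOWED_DOMAINS:
        return f"suspicious: sender domain {domain or '(none)'}"
    return "ok"


def sample_message(ip: str, sender: str, marker: str) -> str:
    """Build a constructed test message (not real traffic)."""
    return (f"Received-SPF: Pass (protection.outlook.com: domain designates "
            f"{ip} as permitted sender) client-ip={ip};\n"
            f"From: IT Support <{sender}>\n"
            f"{SIM_HEADER}: {marker}\n"
            "Subject: Password expiry notice\n\nConstructed body.\n")
```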