G DATA Phishing Simulation
Microsoft Exchange Online and Microsoft Defender standard setup for a phishing simulation
To ensure that the emails of a phishing simulation campaign are routed unhindered to the users' mailboxes without Defender protection measures recognizing these emails as spam and filtering them out, Microsoft offers the simple option of setting up a bypass for these protection mechanisms.
| This does not apply to complex email routing scenarios in which custom connectors route the email message flow. |
Creating a phishing campaign via the Microsoft Defender GUI
1. |
Open the page advanced delivery in the Microsoft Defender Portal Show Screenshot
|
||
2. |
On the Advanced delivery page, select the Phishing simulation tab and click add. Show Screenshot
|
||
3. |
Now enter our domains and IPs here and click kdb:[add].
Show Screenshot
|
||
4. |
Check all the details and click close Show Screenshot
|
Now all e-mails arriving from one of the specified IPs in combination with one of the sender domains are forwarded to the recipients mailbox without filtering.
Creating a phishing campaign via the Windows Powershell
1. |
Open the Exchange Online Powershell with administrative permissions and connect to your Microsoft account. |
||
2. |
Create the phishing policy with the following command:
|
||
3. |
Create the phishing simulation override rule with the following command: Replace Domain1,Domain2,…Domain10 with our domains - each separated by a comma.
|
Now all e-mails arriving from one of the specified IPs in combination with one of the sender domains are forwarded to the recipients mailbox without filtering.