Threat Defense phishing campaigns may be blocked by the new default security settings in Office 365. (For more information see Microsoft's article:  Configure the Delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes). Follow these steps to whitelist BrainStorm Phishing Campaigns for your organization.


Note: Additional whitelisting may be required. See the following articles:

Whitelisting BrainStorm Threat Defense

Microsoft Windows Defender Domain Whitelisting


Whitelisting Threat Defense in the Advanced Delivery Policies


1. Log into your Microsoft 365 Defender.


2. Under Email & collaboration, click Policies & Rules.


3. On the Policies & rules screen, select Threat Policies.


4. Under Rules, click Advanced Delivery.


5. Click the Phishing Simulation tab. You may either edit an existing configuration or click the add button to create one. This will take you to the Add Third-Party Phishing Simulations screen.


6. On the Add( or Edit) Third-Party Phishing Simulations screen, fill in the following fields:

  1. Domain: Click the arrow next to domain to expand the domain list.
    Note: the sender domain is a legitimate-looking domain. You will need to Add your organization's specific Threat Defense domain given to you by QuickHelp.

b. Sending IP (for BrainStorm Threat Defense): Enter: 52.228.117.29

c. Simulation URLs to allow: Enter the specific domain of the URL given to you by QuickHelp to use in your phishing campaign email. Enter it as follows:

     “*” as a wildcard followed by a period (“.”) , then after the domain add a "/" followed by "*" as another wildcard. See the following example for formatting: *.ExampleCustomerPhishingDomain/* 


Note: You may also choose to enter any or all of the subdomains (some are listed below)
Note: Please remember that your organization's advanced delivery policy may have a limit. It may only allow between 1-20 entries

  1. *.amazon.com/*
  2. *.myworkday.com/* 
  3. *.login.linkedin.com/* 
  4. *.microsoft.com/* 
  5. *.microsolt.com/* 
  6. *.microsalt.com/* 
  7. *.dhs.gov/* 
  8. *.securedocuments.com/* 
  9. *.facebookmail.com/* 
  10. *.facebook.com/* 
  11. *.filesyncservices.com/* 
  12. *.accounts.google.com/* 
  13. *.google.com/* 
  14. *.login.live/* 
  15. *.microsoft-password-reset.com/* 
  16. *.dmv.realid/* 
  17. *.onedrive.live/* 
  18. *.paymentdirect.com/* 
  19. *.modernatx.com/* 
  20. *.teams.microsoft.com/* 
  21. *.linkedin.com/* 
  22. *.ancestry-offers.com/*

7. Click SAVE


For more information see Microsoft's article: Configure the Delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes.


There are additional scenarios that may require filtering bypass. We recommend that you view Microsoft's documentation to see if it applies to you: Addtional scenarios that require filtering bypass.