Threat Defense phishing campaigns may be blocked by the new default security settings in Office 365. (For more information see Microsoft's article Secure by default in Office 365.) Follow these steps to whitelist BrainStorm Phishing Campaigns for your organization.


Note: Additional whitelisting may be required. See the following articles:

Whitelisting BrainStorm Threat Defense

Microsoft Windows Defender Domain Whitelisting


Whitelisting Threat Defense in the Advanced Delivery Policies


1. Log into your Microsoft 365 Defender.


2. Under Email & collaboration, click Policies & Rules.


3. On the Policies & rules screen, select Threat Policies.


4. Under Rules, click Advanced Delivery.


5. Click the Phishing Simulation tab. You may either edit an existing configuration or click the add button to create one. This will take you to the Add Third-Party Phishing Simulations screen.


6. On the Add( or Edit) Third-Party Phishing Simulations screen, fill in the following fields:

  1. Domain: the sender domain is a legitimate-looking domain. You will need to Add your organization's specific Threat Defense domain given to you by QuickHelp.



b. Sending IP (for BrainStorm Threat Defense): 52.228.117.29

c. Simulation URLs to allow: Enter the specific domain of the URL given to you by QuickHelp to use in your phishing campaign email. Enter it as follows:

     “*” as a wildcard followed by a period (“.”) , then after the domain add a "/" followed by "*" as another wildcard. See the following example for formatting: *.ExampleCustomerPhishingDomain/* 


Note: You may also choose to enter any or all of the subdomains listed below. (Please remember that your organization's advanced delivery policy may have a limit. It may only allow between 1-20 entries)

  1. *.amazon.com/*
  2. *.myworkday.com/* 
  3. *.login.linkedin.com/* 
  4. *.microsoft.com/* 
  5. *.microsolt.com/* 
  6. *.microsalt.com/* 
  7. *.dhs.gov/* 
  8. *.securedocuments.com/* 
  9. *.facebookmail.com/* 
  10. *.facebook.com/* 
  11. *.filesyncservices.com/* 
  12. *.accounts.google.com/* 
  13. *.google.com/* 
  14. *.login.live/* 
  15. *.microsoft-password-reset.com/* 
  16. *.dmv.realid/* 
  17. *.onedrive.live/* 
  18. *.paymentdirect.com/* 
  19. *.modernatx.com/* 
  20. *.teams.microsoft.com/* 
  21. *.linkedin.com/* 
  22. *.ancestry-offers.com/*