1. Phishing Campaigns
WatchDog Security Help Center
Admin Guide
  • Docs Home
  • Admin Guide
  • User Guide
  • MSP Guide
  • Getting Started
  • Create Your Free Organization
  • Domain Reservation
  • Company Management
    • Manage Branding
    • Delete Organization
  • Notification Center
    • Organization Events
    • User Events
    • Configure Notification Settings
    • User Notification Override
  • Posture Management
    • View Integrations
    • Configure Automated Integrations
    • Manage Automated Monitors
    • Configure Manual Integrations
    • Manage Manual Monitors
  • WatchDog University
    • Assigning Courses using WatchDog University
    • Auditing Course Completion
    • Downloading a Certificate of Completion
  • Policy Management
    • Create Policy
    • Publish Policy
    • Track Policy Acceptance
    • Send Policy Reminder
    • Update Policy
    • Download Policy Version
    • Delete Policy
    • Retire Policy
  • Risk Management
    • Perform A Risk Assessment
    • View and Manage Risks in Risk Register
    • Create Manual Risk
    • Edit and Manage Risk
    • Manage Risk Tasks
    • Manage Risk Lifecycle
  • Vendor Management
    • Add Vendor
    • Track Security Events
    • Manage Vendor Documents
    • Perform Vendor Assessments
    • Classify Vendor Risk
  • Inventory
    • Add Inventory Item
    • Update Inventory Item
    • Auto Populate Inventory
  • Compliance Center
    • Add Compliance Framework
    • Edit Compliance Framework
    • Assigning Control Owners
    • Pause Monitors and Documents
    • Manage Compliance Documents
    • Schedule Audit
    • Automated Monitoring
    • Cross-Framework Reuse
    • Progress Tracking
  • Trust Center
    • Customize Trust Center
    • Manage Trust Center Access
    • Monitor Access Activity (Events)
    • Custom Domain Setup
  • Vulnerabilities
    • Centralized Vulnerability Tracking
    • Import Vulnerabilities
    • Create Manual Vulnerabilities
    • Assign And Collaborate On Vulnerabilities
    • Configure Time To Remediate (TTR)
  • Control Panel
    • Manage Support Access
    • Phishing Campaigns
      • Creating an Allowlist for Phishing Simulations in Microsoft 365
      • Configure Google Workspace Allowlist for Phishing Simulations
  • User Management
    • Add Users
    • Configure Directory Sync
    • Manage User Access
    • Assign Licenses
    • Manage Invites And Users
    • Change Account Owner
    • Reset 2FA
  • Integrations
  1. Phishing Campaigns

Creating an Allowlist for Phishing Simulations in Microsoft 365

WatchDog Security Automated Phishing Campaigns simulate real phishing attacks to train users and identify risk.
Microsoft 365 (Exchange Online Protection) will block these emails by default, as they resemble real phishing attempts. To ensure successful delivery, you must configure an allowlist using Advanced Delivery Policies.

Configure Advanced Delivery#

This configuration ensures phishing simulations bypass Microsoft Defender filtering.
1
Open Microsoft Defender
Navigate to Microsoft Defender Portal.
2
Open Advanced Delivery
Go to Email & Collaboration → Policies & Rules → Threat Policies → Advanced Delivery.
3
Edit Phishing Simulation
Select the Phishing Simulation tab and click Edit.
4
Add Domains
Enter the following domains under Domain:
secalerts.ca, tlsprotect.ca, norepiy.ca, portal-login.fyi, Authenticati0n.ca, account-login.ca
5
Add Sending IP
Enter 69.147.224.210 under Sending IP.
6
Save Configuration
Click Save to apply the allowlist settings.

Configure Mail Flow Rule (Optional)#

Only required if using WatchDog Email Security Firewall.
1
Open Exchange Admin
Navigate to [Exchange Admin Center].(https://admin.cloud.microsoft/exchange#/homepage)
2
Open Mail Flow Rules
Go to Mail Flow → Rules.
3
Create New Rule
Click Add a rule and select Create a new rule.
4
Name The Rule
Enter WatchDog Security Phishing Simulation Allowlist.
5
Set Sender Condition
Set The sender → IP address is and enter 69.147.224.210.
6
Set Message Header
Select Modify message properties → Set a message header and enter X-CLOUD-SEC-AV-Info.
7
Set Header Value
Enter [portalname],office365_emails,inline replacing [portalname].
8
Bypass Spam Filtering
Set Spam Confidence Level (SCL) to Bypass spam filtering.
9
Enable Rule
Set Rule mode to Enforce and enable the rule.
10
Set Priority
Set Priority to 0 and save the rule.

What Happens Next#

Phishing simulation emails bypass Microsoft 365 filtering controls.
Users receive phishing simulations directly in their inbox.
Email delivery reliability improves for automated campaigns.
Campaign results accurately reflect user behavior.

Troubleshooting#

Phishing Emails Still Going to Spam
If emails are still being filtered:
Verify domains are added correctly in Advanced Delivery
Confirm the Sending IP is correct
Check if additional security tools are overriding policies
Advanced Delivery Option Missing
Mail Flow Rule Not Working
Emails Blocked by External Security Tools
Modified at 2026-03-18 21:15:22
Previous
Phishing Campaigns
Next
Configure Google Workspace Allowlist for Phishing Simulations
Built with