HowTo: Avanan Allow-Listing in Microsoft 365
This HowTo article explains how to configure Avanan’s Allow Listing rules to allow Attack Phishing tests to reach end users in Microsoft O365 environments.
Warning: CyberHoot supports fake email Attack-Phishing for customers. Please keep in mind this approach uses negative reinforcement to reduce click rates in employees. To be successful, always pair with Positive Reinforcement, educational, and realistic HootPhish phishing simulations for the best Affect and Effect on end users.
1. Access the Microsoft Security Dashboard for the client (can be done via CIPP), and follow the steps at this link https://cyberhoot.com/howto/howto-whitelist-by-x-header-in-exchange-2013-2016-or-microsoft-365/ but use the IP’s and domains below. Please Note: You do NOT need the “url” section mentioned at the link
Add the Domains and IP addresses listed in this document.
For a detailed view of the Avanan screens, see the images on the next page.
2. Connection Filter Allow
Next you will want to add these IP’s instead (always leave Avanan IPs)
Add the Domains and IP addresses listed in this document.
Mail Flow Rule for Avanan
- Log into ADMIN.MICROSOFT.COM -> eXCHANGE PORTAL
- Create a New Exchange Mail flow Rule ABOVE Avanan Protect named “Avanan Cyberhoot (IPs)”
- Sender ip addresses belong to one of these ranges: ‘54.240.125.36/32’ or ‘54.240.125.37/32’
YOU HAVE TO CHANGE THE VALUE TO MATCH THE AVANAN PORTAL IP – e.g. tenantname becomes <shortname> for <Tenant Full Name> — set message header ‘X-CLOUD-SEC-AV-INFO’ with the value ‘tenantname,google_mail,inline’
3. Enable and Stop Processing more Rules as shown below.
4. Click on Rule
5. Edit Settings
6. Change Priority to 0
7. Save. The rule should now be at the top
8. Click on rule
9. “enable or disable rule” slider to enabled. it will now show enabled
Powershell Script for Safe Senders
- Open powershell on your computer
- paste in the text contained at this link: cyberhoot.com/wp-content/uploads/2023/08/PowerShell-Script-to-add-CyberHoot-Phishing-Domains-to-all-Users-Safe-Senders-Lists-4.txt
- Click enter
- Authenticate to the client’s m365 GA account
- It will slowly run through a list of all their users
- Once completed you should see PS C:WINDOWSsystem32> Write-Output “Finished!”
Sign out of the m365 account in your browser (you can go to admin.microsoft.com and sign out)
Related Articles
HowTo: Avanan Allow-Listing in Google Workspace
This HowTo article explains how to configure Avanan’s Allow Listing to allow Attack Phishing tests to reach end users. Warning: CyberHoot supports fake email Attack-Phishing for customers. Please keep in mind this approach uses negative reinforcement ...HowTo: Allow-List by X-Header in Exchange 2013, 2016, or Microsoft 365
Allow-Listing X-Headers is necessary in order for CyberHoot to send simulated phishing emails to bypass your mail filter. We recommend whitelisting by IP address or hostname but depending on your system setup, allow-listing by headers may be the most ...HowTo: Allow-List CyberHoot’s Mail-Relays in M365
High-Level Instructions: This HowTo video walks you through allow-listing CyberHoot’s Mail-Relay by either Domain Name or IP Addresses in Microsoft’s O365 environment. This process is very similar whether you use the domain names shown below or the ...HowTo: Allow-List CyberHoot’s AttackPhish Simulation Servers in M365
Detailed Instructions From Microsoft: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide Once you click the link above, follow the instructions under ...HowTo: Allow-List in MailProtector
This HowTo article explains how to configure Allow Listing rules in to allow Attack Phishing tests to reach end users using MailProtector. Warning: CyberHoot supports fake email Attack-Phishing for customers. Please keep in mind this approach uses ...