1 min read
Log into your Office 365 portal and go into the Admin Center. The 3rd party phishing simulator is under Policies & Procedures > Threat Policies > Advanced Delivery. Add the 8 IP addresses and 10 domains from the lists below:
Direct Link: https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation
IP Addresses
149.72.184.111
168.245.40.98
149.72.207.249
168.245.30.20
54.209.51.230
18.209.119.19
34.231.173.178
168.245.68.173*
168.245.34.162*
157.230.65.76*
*These are reserve IP addresses. If you are using a third-party spam filter with its own IP addresses, you can replace these reserve IP addresses with the third-party spam filter’s IP addresses.
Domains
security-reminders.com
pii-protect.com
it-support.care
customer-portal.info
member-services.info
bankonlinesupport.com
secureaccess.biz
logineverification.com
Iogmein.com
mlcrosoft.live
cloud-service-care.com
packagetrackingportal.com
Update the connection filter policy with the following networks.
157.230.65.76/32
168.245.34.162/32
168.245.68.173/32
34.231.173.178/32
18.209.119.19/32
54.209.51.230/32
168.245.30.20/32
149.72.184.111/32
168.245.40.98/32
149.72.207.249/32
Direct Link: https://security.microsoft.com/antispam
If you’d like to inspect the powershell script or create the script without downloading, details are below.
#Requires -Module ExchangeOnlineManagement
Install-Module ExchangeOnlineManagement
Connect-ExchangeOnline
#IP addresses for phishing, welcome, micro-training, newsletter & reminder emails
$IPAddresses = “149.72.207.249/32”,
“168.245.40.98/32”,
“149.72.184.111/32”,
“168.245.30.20/32”,
“54.209.51.230/32”,
“18.209.119.19/32”,
“34.231.173.178/32”,
“168.245.68.173/32”,
“168.245.34.162/32”,
“157.230.65.76/32”
#Phishing Domains
$domainList = “it-support.care”,
“~customer-portal.info~”,
“~member-services.info~”,
“~bankonlinesupport.com~”,
“~Iogmein.com~”,
“~mlcrosoft.live~”,
“~packagetrackingportal.com~”,
“~secureaccess.biz~”,
“~logineverification.com~”,
“~cloud-service-care.com~”.
“~security-reminders.com”,
“~pii-protect.com”
#Phishing Simulation URLs
$simURL = “~it-support.care~”,
“~customer-portal.info~”,
“~member-services.info~”,
“~bankonlinesupport.com~”,
“~Iogmein.com~”,
“~mlcrosoft.live~”,
“~packagetrackingportal.com~”,
“~secureaccess.biz~”,
“~logineverification.com~”,
“~cloud-service-care.com~”.
“~security-reminders.com”,
“~pii-protect.com”
#Phishing Override Rule Name
$phishRuleName = “BSNPhishSimOverrideRule”
#Connector Name
$connectorName = “BSN Connector”
#Add URLs to Advanced Delivery Third Party Phishing Simulation
New-TenantAllowBlockListItems -Allow -ListType Url -ListSubType AdvancedDelivery -Entries $simURL -NoExpiration
#Create a connector for BSN IP addresses
New-InboundConnector -Name $connectorName -SenderIPAddresses $IPAddresses -RequireTls $true -Enabled $true -SenderDomains *
#Set Connection Filter Policy
$listIPAllowList = New-Object System.Collections.Generic.HashSet[String]
foreach ($ip in $IPAddresses){[void]$listIPAllowList.add($ip)}
(Get-HostedConnectionFilterPolicy -Identity Default).IPAllowList | ForEach-Object {[void]$listIPAllowList.Add($_)}
Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList $listIPAllowList
Connect-IPPSSession
#Add domains and IP addresses to Advanced Delivery Third Party Phishing Simulation
New-PhishSimOverridePolicy -Name PhishSimOverridePolicy
New-PhishSimOverrideRule -Name $phishRuleName -Policy PhishSimOverridePolicy -SenderDomainIs $domainList -SenderIpRanges $IPAddresses
344 N. Washington Street
Saint Croix Falls, WI 54024
Hours: Mon-Fri, 10AM to 6PM
24/7/365 – Business Premium Partners ONLY
