How to whitelist by IP address in Exchange 2013, 2016, or Office 365?

This guide will cover how to whitelist the emPower simulated phishing email server in your Exchange 2013, 2016, or Office 365 environment.

The goal is to allow the simulated phishing emails to bypass the Microsoft Exchange Online Protection (EOP) mail filter. These settings will allow only simulated phishing emails from emPower to bypass the filters.

First, you’ll be setting up an IP Allow List which would include the emPower IP address. Next, you'd set up a mail flow rule to allow incoming mail to bypass both the Clutter folder, as well as Microsoft's EOP spam filter. 

Section 1: Setting up your IP Allow list

Note: If you are using Exchange 2013, you can set up an IP Allow list using a command line. See instructions on this article: Add-IPAllowListEntry

1. Log into your mail server admin portal and go into the Admin.

   

2. Click on Exchange section under Admin Centers.

   
   

   The screen below is the Exchange admin center.

3. Under Protection, click on Connection Filter.

   

4. Under the Connection Filter tab, click the Pencil icon to edit the default connection filter policy.

   
5. Click connection filtering.

6. Under the IP Allow list, click the (+) sign to add an IP address.

   
7. On the "Add allowed IP address" screen, add the emPower IP address: 69.72.35.48
8. Click OK, then click Save.

Next, you will want to set up a mail flow rule to allow our mail to bypass spam filtering and the Clutter folder.  

Section 2: Bypass clutter and spam filters

Lets ensure emPower emails will bypass your Clutter folder as well as spam filtering within Microsoft's EOP.

1. Log into your mail server admin portal and go into the Admin.
2. Click on Exchange section under Admin Centers.
3. Go to Mail flow.

4. Click the (+) icon, and select Create New Rule from the dropdown.

   
5. Give the rule a name, such as (emPower Whitelisting).
6. Click on "More options".

7. Under the "Apply this rule if...." select "The sender", then select "IP address is in any of these ranges or exactly matches”.

   
8. Specify the sender IP address as: 69.72.35.48

9. When done, click OK.

   

10. From the "Do the following" drop down, select "Modify the message properties", and then select "Set a Message Header".

    
11. Set the message header to this value: 
    Set the message header "X-MS-Exchange-Organization-BypassClutter" to the value "true".

    • *Both "X-MS-Exchange-Organization-BypassClutter" and "true" are case sensitive.

      
12. Under "Do the following", add a second action. Select "Modify the message properties", and then select "Set the spam confidence level (SCL) to..."

13. In the specify SCL pop-up, select "Bypass Spam Filtering" from the dropdown.

    

14. When done, click Save. Your screen should look like this.

    

Section 3: Bypass the junk folder

*For customers using Office 365, only*

 This rule will allow only simulated phishing emails from emPower to bypass the Junk folder.

1. Log into your mail server admin portal and go into the Admin.
2. Click on Exchange section under Admin Centers.
3. Go to Mail flow.

4. Click the (+) icon, and select Create a New Rule from the dropdown.

   
5. Give the rule a name, such as (emPower Whitelisting)
6. Click on "More options".
7. Under the "Apply this rule if...." select "The sender", then select "IP address is in any of these ranges or exactly matches”
8. Specify the sender IP address as: 69.72.35.48
9. When done, click OK.
10. From the "Do the following" drop down, select "Modify the message properties", and then select "Set a Message Header".
11. Set the message header to this value: 
    - Set the message header "X-Forefront-Antispam-Report" to the value "SFV:SKI;".
    • To learn more about this header, click here. 
12. Under the "Properties of this rule" set the priority to directly follow the existing rule (outlined in SECTION 2) set up for emPower whitelisting.
13. When done, click Save.