Office 365 Advanced Threat Protection (ATP) Bypass Rules

If you are using Advanced Threat Protection (ATP) in your mail environment and have experienced false clicks or false attachment opens, you can set up mail flow rules. Setting up mail flow rules allows you to bypass safe links and attachments processing for phishing test emails from KnowBe4's IP addresses.

Jump to

ATP Link Processing Bypass Rule
ATP Attachment Processing Bypass Rule

ATP Link Bypass Rule

To set up a mail flow rule to bypass ATP link processing:

1. Create a new mail flow rule in your Exchange/Office Admin center.
2. Name the rule, for example, Bypass ATP Links.
3. Click more options.
4. From the Apply this rule if…. drop-down menu, select Senders IP address is in the range…
5. Enter our IP address. For the most up-to-date list of our IP addresses, please see this article. 
6. From the Do the following… drop-down menu, select Set the message header… and then to this value...
   • Set the message header to:
     • X-MS-Exchange-Organization-SkipSafeLinksProcessing
   • Set the value to:
     • 1
7. Save your new rule.

Back to Top

ATP Attachment Bypass Rule

Below are the steps to set up a mail flow rule to bypass ATP Attachment Processing:

1. Create a new mail flow rule in your Exchange/Office Admin center.
2. Name the rule, for example, Bypass ATP Attachments.
3. Click more options.
4. From the Apply this rule if…; drop-down, select Senders IP address is in the range…
5. Enter our IP addresses. Please see this article for the most up-to-date list of our IP addresses.
6. From the Do the following… drop-down, select Set the message header... and then To this value....
   • Set the message header to:
     • X-MS-Exchange-Organization-SkipSafeAttachmentProcessing
   • Set the value to:
     • 1
7. Save your new rule.

Still need assistance? Submit a support ticket and we can help!

Back to Top