Menu

Whitelisting by IP Address in Exchange 2013, 2016, or Office 365

Avatar
Katie Brennan
Updated
Follow

How to Whitelist by IP Address in Exchange 2013, 2016, or Office 365

Note:

Office 365 Environments: If you whitelisted our email servers prior to February 2018, you will need to add an additional mail flow rule in your Office 365 Admin center. This rule can be found in the Bypassing the Junk Folder section of this article.

This article will cover how to whitelist our simulated phishing email servers in your Exchange 2013, 2016, or Office 365 environment (the process is the same for all three mail servers).

The goal is to allow us to send simulated phishing emails to bypass your Microsoft Exchange Online Protection (EOP) mail filter. This setup will allow only simulated phishing emails from us to bypass this filter.

First, you'll want to set up an IP Allow List which includes our three IP addresses. Next, you will set up a mail flow rule to allow incoming mail to bypass both the Clutter folder, as well as Microsoft's EOP spam filter. You must do BOTH to whitelist successfully.

Once your settings are in place, it may take some time for those settings to propagate. We recommend that you wait 1-2 hours and then set up a phishing campaign to yourself or a small group to test out your new whitelisting rules.

The instructions for setting up these rules are shown below (the below instructions show screenshots for Office 365).  Alternatively, you can watch our video on whitelisting by IP address in Office 365 here.

Jump to:

 

 

Setting Up Your IP Allow List

If you are using Exchange 2013, you can set up an IP allow list using a command line. See instructions on this Technet article: Add-IPAllowListEntry

  1. Log into your mail server admin portal and click Admin.

  2. Click on Exchange.

  3. Click on connection filter (beneath protection heading).

  4. Click on connection filter, then click the Pencil icon to edit the default connection filter policy.

  5. Under the IP Allow list, click the sign to add an IP address.

  6. On the Add allowed IP address screen, add our IP addresses one at a time. For the most up-to-date list of our IP addresses, please see this article.
  7. On the Add allowed IP address screen, add our IP addresses one at a time. For the most up-to-date list of our IP addresses, please see this article. Adding our IPs to your Allowed IP list:

  8. Click OK, then Save. Next, you will want to set up a mail flow rule to allow our mail to bypass spam filtering and the Clutter folder.

Back to Top

 

Bypassing Clutter and Spam Filtering

To ensure our messages will bypass your Clutter folder as well as spam filtering within Microsoft's EOP, you can follow the steps below.

  1. Go to Admin > Mail > Mail Flow.
  2. Click the (+) Bypass Spam Filtering button beneath Mail Flow > Rules and select Bypass Spam Filtering.

    Exchange Admin Center:

  3. Give the rule a name, such as "Bypass Clutter & Spam Filtering by IP Address".
  4. Click on More options
  5. Add the condition Apply this rule if....
  6. Select The sender, then click on More Options and select IP address is in any of these ranges or exactly matches.

    New Rule Screen:

    Don't see the settings you need?

    Make sure you click the More options link on the New Rule screen to be able to see all the settings you need. 

  7. Specify the following sender IP addresses, then click OK. For the most up-to-date list of our IP addresses, please see this article.

    Note:

    If you're on the EU instance of KnowBe4, the IP addresses you need to whitelist will be different. See here for more information.

    Specify Sender IP addresses:

  8. Beneath Do the following, click Modify the message properties then Set a Message Header.

    Modifying the message properties:

  9. Click on the *Enter text... button to set the message header to this value:

    • Set the message header "X-MS-Exchange-Organization-BypassClutter" to the value "true". Both "X-MS-Exchange-Organization-BypassClutter" and "true" are case sensitive.

      Set the message header value:

  10. Add an additional action beneath Do the following to Modify the message properties. Here, click on Set the spam confidence level (SCL) to... and select Bypass Spam Filtering.

    Bypass Spam Filtering

  11. Click Save. An example of the completed rule is below.

    Completed Mail Flow Rule

 

 

To test out your whitelisting and make sure phishing security tests will reach your end users, you can set up a phishing campaign to a small test group which includes yourself. Once the simulated phishing email reaches your inbox, you'll know you've successfully whitelisted our servers in your system.

Note:

For best practices, we recommend leaving the other options at their default settings.

Back to Top

 

 

Bypassing the Junk Folder (O365 mail servers ONLY)

This rule will allow only simulated phishing emails from us to bypass the Junk folder to ensure that your users are receiving simulated phishing emails in their inboxes.

Note:

Office 365 Environments: If you whitelisted our email servers prior to February 2018, you will need to add an additional mail flow rule in your Office 365 Admin center. This rule can be found in the Bypassing the Junk Folder section of this article.

  1. Go to Admin > Mail > Mail Flow.
  2. Click the (+) Bypass Spam Filtering button beneath Mail Flow > Rules.

  3. Give the rule a name, such as "KnowBe4-Skip Junk Filtering".
  4. Click on More options.
  5. Add the condition Apply this rule if.....
  6. Select The sender, then click on More options and select IP address is in any of these ranges or exactly matches. Specify the following sender IP addresses, then click OK. For the most up-to-date list of our IP addresses, please see this article.
  7. Beneath Do the following, click Modify the message properties then Set a Message Header.
  8. Set the message header to this value:

    Set the message header "X-Forefront-Antispam-Report" to the value "SFV:SKI;".

    Note:

    To learn more about this header, click here.

  9. Beneath Properties of this rule set the priority to directly follow the existing rule (outlined in Bypassing Clutter and Spam Filtering) set up for KnowBe4 whitelisting.
  10. Click Save. An example of the completed rule is below.

    Completed Mail Flow Rule

Back to Top

 

Preventing Deferments in Office 365

If you're experiencing issues with your emails being deferred in Office 365 due to Microsoft's rate limiting or similar issues, you may need to set up an additional mail flow scenario called a connector in order for our emails to get through without delay.

To add a connector to your Office 365 account, follow the steps below:

  1. From your Exchange admin center, click mail flowconnectors.
  2. Click the + sign to create a new connector.
  3. In the From field, click the drop-down menu and select Partner organization.

  4. In the To field, click the drop-down menu and select Office 365.

  5. Click Next.

  6. On the next screen, you will need to name the connector. Name it something identifiable, such as KB4 PST Connection Filter. You can also add a description if you'd like.

  7. When you're done, click Next.
  8. Select the Use the sender's IP address option and then click Next.

  9. Add all of our IP addresses. For the most up-to-date list of our IP addresses, please see this article.

    Note:

    If you're on the EU instance of KnowBe4, the IP addresses you need to whitelist will be different. See here for more information.

  10. Once you've added all of our IP addresses, click Next.
  11. Select the Reject email messages if they aren't sent over TLS security option. This option ensures that only emails that are TLS encrypted will be sent through. We send all our emails over TLS for security purposes.

  12. Click Next and then after reviewing that your settings for the connector are correct, click Save.

Back to Top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles