Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Română Русский svenska Kiswahili ไทย Türkçe Українська Tiếng Việt 简体中文 中文 (香港) 繁體中文

Whitelisting by IP Address in Exchange 2013, 2016, or Microsoft 365

Avatar
Maddy Townsend-Hahn
Updated
Follow

How to Whitelist by IP Address in Exchange 2013, 2016, or Microsoft 365

Note: Microsoft 365 Environments: If you whitelisted our email servers prior to March 2020, we recommend configuring a connector to prevent emails from being deferred. This rule can be found in the Step 4: Setting Up Connectors to Prevent Deferments (M365 ONLY) section of this article.

Note: Microsoft has recently announced that they are making updates to their whitelisting process. We are currently investigating how these updates will impact our instructions for whitelisting KnowBe4 with Microsoft 365.

These updates have not been released yet and should not affect your organization’s current workflow.

When the updates are released, we will notify you if there are any changes to the process and update any affected articles.

This article will cover how to whitelist our simulated phishing email servers in your Exchange 2013, 2016, or Microsoft 365 environment (the process is the same for all three mail servers).

The goal is to allow us to send simulated phishing emails to bypass your Microsoft Exchange Online Protection (EOP) mail filter. This setup will allow our simulated phishing emails as well as our training notifications to bypass this filter.

First, you'll want to set up an IP Allow List which includes our IP addresses. Next, you will set up a mail flow rule to allow incoming mail to bypass both the Clutter folder, as well as Microsoft's EOP spam filter. Then, if you are using Microsoft 365, you will need to set up an additional connector to prevent deferments. You must set up ALL of these rules to whitelist successfully.

Note:

As an alternative for KnowBe4 users with an active subscription, we recommend our Direct Message Injection (DMI) feature. DMI eliminates the need to whitelist simulated phishing emails by creating a secure link between your KnowBe4 console and your Microsoft 365 Account. See our Direct Message Injection Guide for more information.

Once your settings are in place, it may take some time for those settings to propagate. We recommend that you wait 1-2 hours and then set up a phishing campaign for yourself or a small group to test out your new whitelisting rules.

The instructions for setting up these rules are shown below (the instructions show screenshots for Microsoft 365).  Alternatively, you can watch our video on whitelisting by IP address in Microsoft 365 here.

Jump to:

 

Step 1: Setting Up Your IP Allow List

Below are instructions on how to set up your IP allow list for Exchange 2013, 2016, and Microsoft 365. If you are using Exchange 2013, you can set up an IP allow list using a command line. See instructions on this Technet article: Add-IPAllowListEntry

  1. Log into your mail server admin portal and click Admin.

  2. Click Exchange under Admin Centers in the left-hand menu.

  3. Click connection filter beneath protection.

  4. Click the Pencil icon to edit the default connection filter policy.

  5. Click connection filtering. Then, under the IP Allow list, click the sign to add an IP address.

  6. On the Add allowed IP address screen, add our IP addresses one at a time. For the most up-to-date list of our IP addresses, please see this article.

  7. Click OK, then Save. Next, you will want to set up a mail flow rule to allow our mail to bypass spam filtering and the Clutter folder.

Next, you will need to set up a mail flow rule to bypass clutter and spam filtering.

Back to Top

 

Step 2: Bypassing Clutter and Spam Filtering

To ensure our messages will bypass your Clutter folder as well as spam filtering within Microsoft's EOP, follow the steps below.

Note:

Are you having trouble with emails being blocked or quarantined? Check out this article from Microsoft for more information.

    1. From the Exchange admin center, select Mail Flow from the left-hand menu.
    2. Click the (+) button beneath Rules and then select Bypass Spam Filtering.

      Exchange Admin Center:

    3. Give the rule a name, such as "Bypass Clutter & Spam Filtering by IP Address".
    4. Click the Apply this rule if... drop-down menu and select The Sender then IP address is in any of these ranges or exactly matches.

      New Rule Screen:

      Don't see the settings you need?

      Click More options on the New Rule screen to see all available settings. 

    5. Enter all of our IP addresses, then click OK. For the most up-to-date list of our IP addresses, please see this article.

      Specify Sender IP addresses:

    6. Click the Do the following drop-down and select Modify the message properties then set a message header.

      Modifying the message properties:

    7. Click the *Enter text... button after "Set the message header" to set the message header.  Enter the following: "X-MS-Exchange-Organization-BypassClutter". This field is case sensitive. Once entered, click OK.
    8. Click the *Enter text... button after "to the value" and enter "true". This field is case sensitive. Once entered, click OK and then add action.

    9. From the drop-down menu for Do the following... select Modify the message properties. Then, click Set the spam confidence level (SCL) to... and select Bypass Spam Filtering.

      Bypass Spam Filtering

Note:

For best practices, we recommend leaving the other options at their default settings.

  1. Click Save. An example of the completed rule is shown below.

    Completed Mail Flow Rule

 

 

If you are using Microsoft 365, you will now need to set up a mail flow rule to bypass your junk folder.

If you are using Exchange, your whitelisting is complete. To test out your whitelisting and make sure phishing security tests will reach your end users, you can set up a phishing campaign for a small test group that includes yourself. Once the simulated phishing email reaches your inbox, you'll know you've successfully whitelisted our servers in your system.

 

Back to Top

 

Step 3: Bypassing the Junk Folder (M365 ONLY)

This rule will allow only simulated phishing emails from us to bypass the Junk folder to ensure that your users are receiving simulated phishing emails in their inboxes.

Note:

Microsoft 365 Environments: If you whitelisted our email servers prior to February 2018, you will need to add an additional mail flow rule in your Microsoft 365 Admin center. 

  1. From the Exchange admin center, select mail flow from the left-hand menu.
  2. Click the (+) button beneath Rules.

  3. Select Bypass spam filtering....
  4. Give the rule a name, such as "KnowBe4-Skip Junk Filtering".
  5. Click the Apply this rule if... drop-down menu and select The Sender, then select IP address is in any of these ranges or exactly matches.
  6. Enter all of our IP addresses, then click OK. For the most up-to-date list of our IP addresses, please see this article.
  7. Click the Do the following drop-down menu and click Modify the message properties then Set a Message Header.
  8. Click on the *Enter text... button after "Set the message header" to set the message header. Enter the following text: "X-Forefront-Antispam-Report". This value is case sensitive. Then, click OK.
  9. Click the *Enter text... button after "to the value" and enter "SFV:SKI;CAT:NONE;". To learn more about this header, click here. Please be aware that this field is case sensitive. Once the text is entered, click OK.
  10. Click Save.
  11. Beneath Properties of this rule, set the priority to directly follow the rule you created in the Bypassing Clutter and Spam Filtering section.

An example of the completed rule is shown below.

Completed Mail Flow Rule

Don't see the settings you need?

Click More options on the New Rule screen to see all available settings. 

Next, you will need to set up a connector in order to prevent deferment.

Back to Top

 

Step 4: Setting Up a Connector to Prevent Deferments (M365 ONLY)

Adding a connector will prevent your emails from being deferred in Microsoft 365 due to Microsoft's rate limiting or similar settings.

To add a connector to your Microsoft 365 account, follow the steps below:

  1. From your Exchange admin center, navigate to mail flowconnectors.
  2. Click the + sign to create a new connector.
  3. In the Connection from field, select Partner organization.

  4. In the Connection to field, Office 365 should be automatically selected. If it is not, select Office 365.
  5. Click Next.
  6. On the next screen, you will need to name the connector. Name it something identifiable, such as KB4 PST Connection Filter. You can also add a description if you'd like.

  7. When you're done, click Next.
  8. Select the Use the sender's IP address option and then, click Next.

  9. Using this article for reference, add the IP addresses for your server (US or EU).
  10. Once you've added all of our IP addresses, click Next.
  11. Select the Reject email messages if they aren't sent over TLS security option. This option ensures that only emails that are TLS encrypted will be sent through. We send all our emails over TLS for security purposes.

  12. Click Next and then after reviewing that your settings for the connector are correct, click Save.

Back to Top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles