Excluding KnowBe4's Domains from Microsoft Defender for Office 365 URL Rewriting

Microsoft Defender for Office 365 (formerly Microsoft 365 Advanced Threat Protection) feature may cause URLs from our Phishing Security Tests (PSTs) to be rewritten. If you would like, you have the option to exclude these URLs from being rewritten.

If you're looking for information about whitelisting in Microsoft Defender for Office 365, see our How to Use Advanced Delivery Policies in Microsoft Defender for Office 365 article.

To exclude our phish links from being rewritten, follow the steps below:

1. Log in to your KMSAT console.
2. Navigate to the Phishing tab, then select the Domains subtab. This subtab will display a list of our root phish link domains. For more information, see our How to Manage Phish Link Domains article.
   Note: If you don't have access to this subtab, you can contact our support team for a list of phish link domains.
3. In a separate browser window or tab, log in to the Microsoft 365 Defender portal (https://security.microsoft.com).
4. Navigate to Email & collaboration > Policies & rules.
   
5. Click Threat policies.
6. Click Safe Links to be taken to the Safe links page.
7. Select the Link Policy that you created. If you don't have a Link Policy, you'll need to create a new policy by clicking the Create button.
8. Click Edit protection settings. If you're creating a new policy, navigate to the URL & click protection settings step.
   
9. Under Do not rewrite the following URLs in email, click Manage URLs.  
10. Click + Add URLs.
11. Enter the root domains from your KMSAT console. To add the URL, press Enter on your keyboard. 
    Note: Make sure to add each phishing domain using the *.<rootdomain>/* format. For example, if the root domain is "knowbe4.com," you would enter *.knowbe4.com/* into the field.
12. Once you've entered all of the root domains, click Save.
13. Click Done.

Back to top