If you have followed KnowBe4's advice and set up the Advanced Delivery Policy (ADP) as documented in this article (https://support.knowbe4.com/hc/en-us/articles/4404511190803-Advanced-Delivery-Policies-in-Microsoft-Defender-for-Office-365), then you’ll likely see in Microsoft 365 message tracking that the simulation emails arrive in Microsoft 365 and successfully go across to the Defend console. However, when emails come back, they are quarantined.

The reason for this process is that the ADP lists specific IP addresses and domains from which the simulation emails are sent, and the Defend IP address is not listed there.

Resolution

If you experience this issue, add the Defend outbound IP addresses to the existing ADP in your Microsoft 365 tenancy.

All of our sending IP addresses for your respective region can be found below:

• • 18.130.212.176
  • 18.135.85.199
  • 13.43.19.144/29
  • 3.253.208.184/29
• • 52.71.53.79
  • 34.204.210.91
  • 52.0.5.153
  • 44.216.154.56/29
  • 18.246.145.200/29
• • 54.252.196.160
  • 13.210.31.177
  • 13.237.163.139
  • 16.51.86.24/29
• • 54.220.109.92
  • 34.253.34.167
  • 34.250.90.89
  • 3.78.201.96/29

Ensure that psm.knowbe4.com is added to the domains in the Advanced Delivery Policy:

Ensure that the following options are not enabled in KnowBe4's console under Account Settings Phishing Settings: