The Defend service may disrupt the delivery of third-party phishing simulation emails. In Microsoft 365 message tracking, you may see that the simulation emails arrive in Microsoft 365 and successfully go to Defend but then get quarantined when returned to Microsoft 365.

To resolve this issue, you need to add Defend's outbound IP addresses to an Advanced Delivery Policy in Microsoft 365. All of Defend's sending IP addresses can be found in our SPF records below for your respective region:

• UK - spf.london.aquilaiajax.com
• US - spf.us1.defend.egress.com
• AU - spf.au1.defend.egress.com
• EU - spf.eu1.defend.egress.com

To obtain the IP addresses from the SPF records follow the steps below:

1. Visit an SPF lookup tool, such as https://mxtoolbox.com. 
2. In the Domain Name field, enter the SPF record for your region. 
3. Select the MX Lookup button. 
4. On the results page, change the drop-down menu to SPF Record Lookup. 
5. Select the SPF Record Lookup button. 
6. All the IP addresses associated with the entered SPF record will be displayed. 

Once you have the IP addresses, add them to your Microsoft 365 Advanced Delivery Policy to ensure proper delivery of phishing simulation emails through the Defend service.