In this article, you'll learn how to whitelist KnowBe4 using advanced delivery policies, Microsoft's recommended method for whitelisting our Phishing Security Tests (PSTs). If you prefer video tutorials, you can also watch our Whitelisting by Advanced Delivery Policies in Microsoft 365 video. For more information, see Microsoft's article on advanced delivery policies.
If your messages still aren’t delivering after configuring your advanced delivery policy, we recommend setting up smart hosting. Without smart hosting, some filters cannot be disabled, which may impact the delivery of PSTs. Smart hosting your PSTs allows you to bypass these filters.
To configure your advanced delivery policies, you'll need to ensure you have the appropriate permissions in your Microsoft 365 account and settings in your KnowBe4 account.
Update Your Microsoft 365 Permissions
To create, modify, or remove settings in an advanced delivery policy, you’ll need to be a member of the Security Administrator role group in the Microsoft Security & Compliance Center and the Organization Management role group in Microsoft Exchange Online.
For read-only access to an advanced delivery policy, you’ll need to be a member of the Global Reader or Security Reader role groups. For more information about Microsoft permissions, see Microsoft’s Permissions in the Microsoft 365 Defender portal and Permissions in Exchange Online articles.
Update Your KnowBe4 Account Settings
To configure an advanced delivery policy for KnowBe4, you’ll need to first update your DKIM settings in your KnowBe4 account by following the steps below.
- Log in to your KnowBe4 account, then navigate to Account Settings > Phishing > Phishing Settings.
- In the Phishing Email Headers section, select the Enable DKIM Signature check box.
- Ensure the Use KnowBe4's Signing Domain setting is selected.
- Click Save DKIM Settings.
Add Your Advanced Delivery Policy
To add your advanced delivery policy, follow the steps below:
- Log in to your Microsoft 365 account.
- From the menu on the left side of the page, select Admin. You'll be taken to the Microsoft 365 admin center.
- Navigate to Admin centers > Security. Or, you can directly log in to your Microsoft 365 Defender portal.
- Under the Email & collaboration section, navigate to Policies & rules > Threat policies > Advanced delivery.
- On the Advanced delivery page, select the Phishing Simulation tab.
- Click the Edit icon.
Important: If you don't have any configured phishing simulations, click the Add icon.
- In the Edit third-party phishing simulation modal, adjust the following settings. You should use the settings for your specific region:
  - Domain: Enter the sending domains for your specific region using the table below.
    | Region | Domain |
    | --- | --- |
    | training.knowbe4.com | psm.knowbe4.com, ispservices.org |
    | eu.knowbe4.com | psm.knowbe4.com, ispservices.co.uk |
    | ca.knowbe4.com | psm.knowbe4.com, ispservices.net |
    | uk.knowbe4.com | psm.knowbe4.com, online-login-portal.com |
    | de.knowbe4.com | psm.knowbe4.com, mailserver-status.com |
  - Sending IP: Enter the sending IP addresses for your specific region using the table below.
    | Region | IP Addresses |
    | --- | --- |
    | training.knowbe4.com, ca.knowbe4.com, uk.knowbe4.com, de.knowbe4.com | 147.160.167.0/26, 23.21.109.197, 23.21.109.212 |
    | eu.knowbe4.com | 147.160.167.0/26, 52.49.201.246, 52.49.235.189, 23.21.109.197, 23.21.109.212 |
  - Simulation URLs to allow: Paste your phish link root domains you copied earlier from the Root Domain column in your KnowBe4 console. Adjust the format to the recommended URL format syntax: *.example.com/*.
- (Optional) To spoof your domain or to use spoofing in the delivery of PSTs, you will need to add the spoof intelligence policy from our Spoof Intelligence Allow/Block List for Microsoft 365 article.
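The same policy can be created and then audited from PowerShell. The script below is an added example, not KnowBe4's or Microsoft's own: it uses the training.knowbe4.com values from the tables above and the placeholder URL *.example.com/*, and it assumes the ExchangeOnlineManagement module is installed and that the rule's Domains and SenderIpRanges properties return values in the form they were entered.

```powershell
# Added example: create the third-party phishing simulation override, then check it for drift.
# Values are the training.knowbe4.com rows from the tables above; use your own region's rows.
$Domains   = 'psm.knowbe4.com', 'ispservices.org'
$SenderIps = '147.160.167.0/26', '23.21.109.197', '23.21.109.212'
$SimUrls   = @('*.example.com/*')   # placeholder: your Root Domain entries in *.domain/* form

# The policy and rule live in Security & Compliance PowerShell.
Connect-IPPSSession
if (-not (Get-PhishSimOverridePolicy -ErrorAction SilentlyContinue)) {
    New-PhishSimOverridePolicy -Name PhishSimOverridePolicy
}
$rule = Get-ExoPhishSimOverrideRule -ErrorAction SilentlyContinue
if (-not $rule) {
    New-ExoPhishSimOverrideRule -Policy PhishSimOverridePolicy `
        -Domains $Domains -SenderIpRanges $SenderIps
    $rule = Get-ExoPhishSimOverrideRule
}

# Drift check: every entry in this rule bypasses filtering, so anything
# beyond the vendor's published values should be reviewed and removed.
$haveDomains = @($rule.Domains        | ForEach-Object { "$_".ToLower() })
$haveIps     = @($rule.SenderIpRanges | ForEach-Object { "$_" })
$unexpected  = @($haveDomains | Where-Object { $_ -notin $Domains }) +
               @($haveIps     | Where-Object { $_ -notin $SenderIps })
$missing     = @($Domains   | Where-Object { $_ -notin $haveDomains }) +
               @($SenderIps | Where-Object { $_ -notin $haveIps })
if ($unexpected) { Write-Warning "Unexpected override entries: $($unexpected -join ', ')" }
if ($missing)    { Write-Warning "Missing override entries: $($missing -join ', ')" }

# Simulation URLs are stored in the Tenant Allow/Block List (Exchange Online PowerShell).
Connect-ExchangeOnline
$existing = @(Get-TenantAllowBlockListItems -ListType Url -ListSubType AdvancedDelivery |
              ForEach-Object { $_.Value })
$toAdd = @($SimUrls | Where-Object { $_ -notin $existing })
if ($toAdd) {
    New-TenantAllowBlockListItems -Allow -ListType Url -ListSubType AdvancedDelivery `
        -Entries $toAdd -NoExpiration
}
$extraUrls = @($existing | Where-Object { $_ -notin $SimUrls })
if ($extraUrls) { Write-Warning "Unexpected simulation URLs: $($extraUrls -join ', ')" }
```

Rerunning the script after the initial setup only performs the checks, which makes it usable as a periodic audit of the override.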