Organizations using Microsoft 365 alongside KnowBe4’s Phishing Simulation Tests (PSTs) and Defend must complete additional configuration steps to ensure proper email delivery and accurate testing results. This article outlines the recommended best practices for configuring Defend while using PSTs.
Microsoft Advanced Delivery Policy Configuration
To prevent PSTs from being quarantined, add Defend’s sending IP addresses to an advanced delivery policy in Microsoft 365. All of Defend’s regional sending IP addresses are listed below:
- UK
  - 18.130.212.176
  - 18.135.85.199
  - 13.43.19.144/29
  - 3.253.208.184/29
- US
  - 52.71.53.79
  - 34.204.210.91
  - 52.0.5.153
  - 44.216.154.56/29
  - 18.246.145.200/29
- AU
  - 54.252.196.160
  - 13.210.31.177
  - 13.237.163.139
  - 16.51.86.24/29
- EU
  - 54.220.109.92
  - 34.253.34.167
  - 34.250.90.89
  - 3.78.201.96/29
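The following is an added example, not KnowBe4 or Microsoft code: a Python check that compares the IP entries you have configured against the addresses listed above and reports entries that are missing, broader than the published ranges, or not on the list at all. The function name `audit_allowlist` and the `SAMPLE_CONFIGURED` entries are constructed for illustration.

```python
import ipaddress

# Defend sending addresses exactly as listed in this article, by region.
PUBLISHED = {
    "UK": ["18.130.212.176", "18.135.85.199", "13.43.19.144/29", "3.253.208.184/29"],
    "US": ["52.71.53.79", "34.204.210.91", "52.0.5.153", "44.216.154.56/29",
           "18.246.145.200/29"],
    "AU": ["54.252.196.160", "13.210.31.177", "13.237.163.139", "16.51.86.24/29"],
    "EU": ["54.220.109.92", "34.253.34.167", "34.250.90.89", "3.78.201.96/29"],
}

# Constructed sample of configured entries (not taken from a real tenant).
SAMPLE_CONFIGURED = ["52.71.53.79", "34.204.210.91", "52.0.5.0/24",
                     "44.216.154.56/29", "203.0.113.10"]


def audit_allowlist(configured, regions):
    """Compare configured entries with the published ranges for `regions`."""
    want = {ipaddress.ip_network(e) for r in regions for e in PUBLISHED[r]}
    have = {ipaddress.ip_network(e.strip(), strict=False) for e in configured}
    report = {"ok": [], "too_broad": [], "unknown": [], "missing": []}
    for net in sorted(have):
        if net in want:
            report["ok"].append(str(net))
        elif any(w.subnet_of(net) for w in want):
            # Contains a published range plus addresses that are not listed.
            report["too_broad"].append(str(net))
        else:
            # Matches nothing published for the chosen regions.
            report["unknown"].append(str(net))
    for w in sorted(want):
        # A published range is missing if no configured entry covers it.
        if not any(w.subnet_of(h) for h in have):
            report["missing"].append(str(w))
    return report


if __name__ == "__main__":
    for category, entries in audit_allowlist(SAMPLE_CONFIGURED, ["US"]).items():
        print(f"{category}: {entries}")
```

Entries reported as `too_broad` or `unknown` exempt more addresses from filtering than the published list requires, so narrow or remove them.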
Tags and Threat Notifications
By default, PSTs are marked with tags, or users receive a threat notification about them. This default behavior simulates how Defend would react to a genuine phishing email.
To see whether users still select phishing emails when no tags are shown, you can remove the tags from any PSTs by adding KnowBe4's sending IP addresses to Defend's allowlist. Doing so also prevents users from receiving threat notifications for PSTs.
For full details, see the Whitelisting Guide and Defend - Allow or Deny Lists articles.