Microsoft: Allowlisting PowerShell Scripts
The document provides specific PowerShell scripts and commands for Microsoft Exchange Online to create transport rules that bypass Focused Inbox for certain IP ranges, enable Advanced Delivery allowlisting for phishing simulation test URLs, and configure PhishSim override policies and rules, along with guidance on common errors encountered during these allowlisting tasks.
Helpful PowerShell Scripts for Allowlisting Tasks
Please only use the following scripts if you are familiar with what they do and how to run them in your environment.
Scripts
Sometimes it's important to enable a Transport rule to force emails to show in users' inboxes whether they have “Focused Inbox” mode enabled or not. This script will create a new Transport Rule:
New-TransportRule -Name "Bypass Focused Inbox for Phin" -SenderIpRanges 198.2.177.227, 198.244.59.179, 35.237.125.73 -SetHeaderName "X-MS-Exchange-Organization-BypassFocusedInbox" -SetHeaderValue "True"
Additionally, you may need to enable Advanced Delivery policy/rules so that test emails are properly identified as phish simulation tests and are not blocked. If these emails are reported to Microsoft, they will also NOT be scanned, causing false-positive click reports.
Commands to be run from the “Exchange Online PowerShell”:
New-TenantAllowBlockListItems -Allow -ListType Url -ListSubType AdvancedDelivery -Entries "*.betterphish.com/*","*.shippingalerts.com/*","*.amazingdealz.net/*","*.berrysupply.net/*","*.coronacouncil.org/*","*.couponstash.net/*","*.creditsafetyteam.com/*","*.autheticate.com/*","*.notificationhandler.com/*" -NoExpiration
Commands to be run in the “Exchange Security & Compliance PowerShell”:
New-PhishSimOverridePolicy -Name PhishSimOverridePolicy
New-ExoPhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains 'betterphish.com','shippingalerts.com','amazingdealz.net','berrysupply.net', 'coronacouncil.org','couponstash.net','creditsafetyteam.com','autheticate.com','notificationhandler.com' -SenderIpRanges 198.2.177.227, 198.244.59.179, 35.237.125.73
Common Errors
A policy may not contain more than one compliance rule.
If you encounter this error, then it is likely you have already run these commands (or a similar command for another reason that clashes with these). Please review the Microsoft docs here to see how to edit your existing setup.