GoPhish Simulation setup on Microsoft 365

How to setup a phishing simulation using gophish and ensure mail is not flagged in Microsoft 365 as spam or phishing so that users will actually receive the phishing test mails.

In the environment setup we have Microsoft 365 in hybrid with an on-premise exchange server. The environment has “Defender” setup also that include “safe links” and “safe attachments(only useful on 365 accounts, is ineffective with on-prem exchange accounts).

Additionallly, we have an Astaro/Sophos UTM appliance acting as an additional mail gateway to filter messages.

First we need to add the IP of our gophish mailing server to “Enhanced Filtering Connectors” list so it is recognized as phishing.

Head to Micrsosoft 365 Admin center > Security > Email & Collaboration > Policies & Rules > Threat Policies > Advanced Delivery > Phishing Simulation

Click on EDIT (not ADD)

Then add all the appropriate info to the domains, IPs & URLs

Next… Safe Links – adding an “allowed link”

Reference from MS Site : https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list-about?view=o365-worldwide#allow-entries-in-the-tenant-allowblock-list

UPDATE : If you want to do this, you need to submit your wildcard link to Microsoft.

GENERAL RULE :
To avoid browsers from flagging your domain links (not safelinks but chrome or firefox…) then do not send more than 250-300 mails per week.