Once Security Awareness training is enabled on your Proofpoint account, this can be set up for O365 by completing the following tasks:
- Update your domain's SPF record to allow sending IP addresses
- Create mail flow rule to allow phishing simulation emails
- Configure Advanced Delivery policy
Update SPF Record
In your domain's DNS zone, add the following IP addresses to your SPF record depending on your region:
- US: 107.23.16.222 and 54.173.83.138
- EU: 52.17.45.98 and 52.16.190.81
Create Mail Flow Rule
In the O365 Exchange Admin Center under Mail Flow > Rules (https://admin.exchange.microsoft.com/#/transportrules), create the following rule:
- Apply this rule if
- The sender > IP address is in any of these ranges or exactly matches
- 107.23.16.222, 54.173.83.138, 52.17.45.98, 52.16.190.81
- The sender > IP address is in any of these ranges or exactly matches
- Do the following
- Modify the message properties > set the spam confidence level (SCL)
- -1 or "Bypass spam filtering"
- Modify the message properties > set a message header
- Set the message header X-MS-Exchange-Organization-SkipSafeLinksProcessing to the value 1
- Modify the message properties > set the spam confidence level (SCL)
Configuring Advanced Delivery Policy
To prevent Microsoft from erroneously generating informational alerts on Proofpoint's phishing simulation emails, an advanced delivery policy can be implemented in O365. This can be completed through the following steps:
- Log into the Microsoft 365 Defender Portal (or go directly to https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation)
- Navigate to Policies and Rules > Threat Policies > Advanced Delivery
- Click on the tab for Phishing Simulation, then click Edit
- Under Domain, add the following:
- securityeducation.com
- Under Sending IP, add the following items depending on your region:
- US: 107.23.16.222 and 54.173.83.138
- EU: 52.17.45.98 and 52.16.190.81
- When finished, click Save at the bottom of the page