How to Prevent Microsoft 365 Defender from Rewriting ePHISHiency Links
If you're using Microsoft 365 Defender, you may want to prevent the links in ePHISHiency’s phishing simulation emails from being rewritten with Defender’s Safe Links feature. When rewritten, this can be an obvious alert to your organization that something is wrong. As a result, the email may not be as effective at training them.
Step 1a: Bypass by Header
From the Exchange admin center, select mail flow from the left-hand menu.
Click the (+) button beneath rules and then select Bypass Spam Filtering…
Give the rule a name, such as "Bypass Defender Safe Links".
Click the Apply this rule if... drop-down menu and select A message header… then includes any of these words (you may need to click More options on the New rule screen to see all available options).
On the right hand side, click the *Enter text... link and enter our Header. For the most up-to-date header information, please see this article. This field is case sensitive, so be careful. Once entered, click OK.
Next, click the *Enter words... link and enter our Header Value. Once entered, click the (+) button and then Ok. For the most up-to-date header information, please see this article. This field is case sensitive, so be careful.
Click the Do the following drop-down and select Modify the message properties then set a message header.
On the right hand side, click the first *Enter text... link (after "Set the message header") and enter the following: "X-MS-Exchange-Organization-SkipSafeLinksProcessing" (this field is case sensitive). Once entered, click OK.
Click the second *Enter text... link (after "to the value") and enter "1" (this field is case sensitive). Once entered, click OK.
Leave the remaining options at their default setting and click Save.
Step 1b: Bypass by IP Address
From the Exchange admin center, select mail flow from the left-hand menu.
Click the (+) button beneath rules and then select Bypass Spam Filtering…
Give the rule a name, such as "Bypass Defender Safe Links".
Click the Apply this rule if... drop-down menu and select IP address is in any of these ranges or exactly matches.
On the right hand side, click the *Enter text... link and enter our IP address. For the most up-to-date IP address information, please see this article. Once entered, click OK.
Click the Do the following drop-down and select Modify the message properties then set a message header.
On the right hand side, click the first *Enter text... link (after "Set the message header") and enter the following: "X-MS-Exchange-Organization-SkipSafeLinksProcessing" (this field is case sensitive). Once entered, click OK.
Click the second *Enter text... link (after "to the value") and enter "1" (this field is case sensitive). Once entered, click OK.
Leave the remaining options at their default setting and click Save.
Step 3: Let us know you’re ready!
Contact ePHISHiency support (using the button below) and let us know that you’re all setup. We’ll send a test email to you, or a few people if you want, to make sure everything is working, and then we’ll be on our way to reducing your risk from phishing!
