To whitelist a domain, you'll need to modify your inbound spam policy.
Sign in to your Microsoft 365 Defender portal
Click on Policies & rules in the left-hand menu
Choose Threat policies
Select Anti-spam inbound policy (Default).
Scroll down and click on Edit allowed and blocked senders and domains.
Click on Allow domains.
Add the domain that you want to allow (whitelist).
Please note: The domain is provided when selecting the template during the set up of the phishing campaign.
Click Add domains
.
Click on Save
That's it 🎉 You've successfully added the domain to the spam filter allow list. From now on, all emails sent via this particular Defense.com phishing domain will not be marked as spam.
Note: Each phishing campaign uses a separate domain, so you’ll need to make sure you have added them to your whitelist before you send any future campaigns.
