Follow this process to allow Webroot phishing simulations
Note: SecOps mailbox configuration is not required for WSAT operation. SecOps mailbox designation allows for unfiltered mail and is therefore a best practice for administrator oversight. SecOps designation should not be applied to target user mailboxes. Refer to the Microsoft documentation for further detail.
Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy
Tip: To complete these steps, you need to be a member of the Security Administrator role group in the Microsoft 365 Defender portal and a member of the Organization Management role group in Exchange Online. You can also use Azure Active Directory roles to assign the required permissions.
Note: SecOps mailbox configuration is not required for WSAT operation. SecOps mailbox designation allows for unfiltered mail and is therefore a best practice for administrator oversight. SecOps designation should not be applied to target user mailboxes. Refer to the Microsoft documentation for further detail.
Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy
- In the Microsoft 365 Defender portal, go to Email & Collaboration > Policies & Rules > Threat policies page > Rules section > Advanced delivery.
- On the Advanced delivery page, verify that the Phishing simulation tab is selected, and then do one of the following steps:
- Click
Edit. - If there are no configured phishing simulations, click Add.
- Click
- On the Edit third-party phishing simulation flyout, configure the following settings:
- Domain - Webroot Security Awareness Training uses custom domains for simulations. These custom domains are specified in this article.
Expand the section and add the domains you intend to use in simulations, remembering to update it if you change the domains.
- Sending IP - Webroot uses multiple servers to send mail, enter IPv4 addresses for each.
Please note, email security or related services which process email originating from Webroot Security Awareness Training may be identified as the delivering system instead of Webroot Security Awareness Training.
If your recipients will be receiving email directly from Webroot Security Awareness Training servers, proceed as follows.
Expand the section and add all of the Webroot email server IP addresses. The Webroot mail server information is specified in this article.
- Simulation URLs to allow (optional) - Use this section to specify any URLs that are part of the simulation that you do not want blocked. This optional step can be used to ensure that URLs used in simulations are allowed. For the URL syntax format, see URL syntax for the Tenant Allow/Block List.
Expand the section and add and any simulation URLs to allow.
- Domain - Webroot Security Awareness Training uses custom domains for simulations. These custom domains are specified in this article.
- When you're finished, do one of the following steps:
- First time: Click Add, then click Close.
- Edit existing: Click Save, then click Close.
Thanks for your feedback!
Powered by NOHOLD Inc. U.S. Patent No. 10,659,398
All Contents Copyright© 2024