The list of our CyberCoach domains and IPs can be found directly in your CyberCoach interface under the Domains/IP tab in the Settings.

In this Domains tab, you will see the full list of our CyberCoach domains and can use the whitelist tracking feature to check off the domains you have already whitelisted.
When new domains are added, this feature will help you maintain better visibility of the domains that still need to be whitelisted.

Here, we'll see how to make your Microsoft tenant recognize CyberCoach campaign emails as authorized phishing simulations.

This is a mandatory step to prevent your campaign emails from going directly to your Microsoft email server's quarantine or generating false results.

To implement this configuration, you'll need to access the M365 admin console. To do this, click on the Admin icon.
​

Once in the admin console, click on Show All.

Then click on the Security tab.

In the new left menu Email and Collaboration, click on Policies and Rules.

Then go to Threat Policies.

In the Rules menu, click on Advanced Delivery.

It's now time to authorize the domains to deliver your attack simulations to your users.

Go to the Phishing Simulation menu, then Edit.

In this new window, the information to fill in is visible from your CyberCoach interface, in Domains/IP.
​

When CyberCoach simulations are sent to your O365 email server, the Safe Link verification tool may act on the emails.

This is a feature that prevents users from opening and sharing malicious links in messages and Office applications.

This impacts awareness campaigns sent by CyberCoach by generating click actions on the links present in them. This generates false positives and distorts your campaign results.

It will therefore be necessary to set up exceptions for the networks, IPs, and URLs used by the solution so that emails are correctly received.

There will be 3 actions to take:

Start by creating a new rule in your M365 tenant's Exchange settings: Exchange -> Mail Flow -> Rules

Add a new rule, and configure it as below:

In this first section, the IPs to enter are those present in your CyberCoach interface -> Domains/IP

This rule will add an element to the header to not apply SafeLink to emails. It will allow URLs in emails received on M365 to work normally if they come from our networks.

To create this new rule, return to the same location where our IPs and domains are already authorized: Alert Policy -> Threat Policy -> Rules -> Advanced Delivery
​

Then click on Phishing Simulation to add the URLs used in attack simulations, in addition to our IPs and domains.

You can add these URLs manually by adding "*." before the domains listed in your Cybercoach interface. For example, you'll have the domain example.com and the URL *.example.com

Finally, proceed to set up a SafeLink exception for our URLs. Go to Alert Policy -> Threat Policy -> SafeLinks.

Create a specific rule that should impact all users/domain names intended to be the target of awareness campaigns.
​

Then, in the Email section, disable API checks and enter the exceptions for the URLs you entered in part 2.

​

You should have a URL starting with "." and ending with "/" for each CyberCoach domain just like this : *.access-exemple.com/*

All you have to do is validate the rule creation.
​

These changes can take 48 hours to a week to take effect. You will need to perform regular tests to validate the proper application of the modifications.