Skip to main content
All CollectionsGetting StartedStep 1: Whitelisting Right-Hand Domains & IP
Whitelisting Guide for Microsoft Exchange and Microsoft Defender
Whitelisting Guide for Microsoft Exchange and Microsoft Defender
K
Written by Karthek S
Updated over a week ago

Table of contents

On Microsoft Exchange Admin Center

  1. Set up Bypassing Spam Filtering using Mail flow rule

  2. Set up ByPass Clutter Filtering using Mail flow rule

  3. Set up Bypassing Safe Link using Mail flow rule

  4. Set up Bypassing Safe Attachments Processing using Mail flow rule

On Microsoft 365 Defender Portal

  1. Set up IP Allow List

  2. Set up Bypassing Safe Links using Safelinks rule

  3. Set up Advanced Delivery

Tutorial videos

How to bypass Spam and Clutter filter for whitelisting.

How to bypass Safe Links and Attachment scan for whitelisting.

How to set advanced delivery policies in Microsoft 365.

On Microsoft Exchange Admin Center

https://admin.exchange.microsoft.com/

Set up Bypassing Spam Filtering using Mail flow rule

  1. Go to Exchange Admin Center -> On the left menu click on Mail Flow -> Click on

    Rules.

  2. Click on +Add Rule.

  3. Below the Name section -> give a name something like "RightHand - Bypass Spam Filtering".

  4. Below the Apply this rule if section-> In the first drop-down select "The senders" and in the second drop-down select "IP address is in any of these ranges or exactly matches".

  5. Enter Right-Hand’s IP address “168.245.54.27” as shown below.

  6. Below the "Do the following" section-> In the first drop-down select "Modify the message properties" and in the second drop-down select “Set a message header”.

  7. Now two “Enter text” fields will appear below those drop-downs. Click on the first "Enter text" field that is next to the text “set the message header” and type “X-Forefront-Antispam-Report” (without quotes) in the text-box and hit Save.

  8. Click on the second "Enter text" field that is next to the text “Value” and type “SFV:SKI;CAT:NONE” (without quotes) in the text-box and hit Save.

  9. Scroll down and click on Next at the bottom of the screen.

  10. You will now be taken to the Set rule settings screen where just leave everything as it is and click Next. You will be taken to the Review and finish screen -> Click Finish.

Important Note: The mail flow or transport policies in Exchange/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.

Set up ByPass Clutter Filtering using Mail flow rule.

  1. Go to Exchange Admin Center -> On the left menu click on Mail Flow -> Click on Rules.

  2. Click on +Add Rule.

  3. Below the Name section -> give a name something like "RightHand - Bypass Clutter Filtering".

  4. Below the Apply this rule if section-> In the first drop-down select "The senders" and in the second drop-down select "IP address is in any of these ranges or exactly matches".

  5. Enter Right-Hand’s IP address “168.245.54.27” as shown below.

  6. Below the "Do the following" section-> In the first drop-down select "Modify the message properties" and in the second drop-down select “Set a message header”.

  7. Now two “Enter text” fields will appear below those drop-downs. Click on the first "Enter text" field that is next to the text “set the message header” and type “X-MS-Exchange-Organization-BypassClutter” (without quotes) in the text-box and hit Save.

  8. Click on the second "Enter text" field that is next to the text “Value” and type “true” (without quotes and in lower case) in the text-box and hit Save.

  9. Now add a new action by clicking on the ➕ icon next to the set a message header drop-down as highlighted below. You will see a new section will appear with the heading And and with two drop-downs.

  10. In the first drop-down select "Modify the message properties" and in the second drop-down select “Set the spam confidence level (SCL)”. You will now see a screen called specify SCL -> Select the option “Bypass spam filtering” from the drop-down -> Click Save. You will see the spam confidence level (SCL) is set to '-1'.

  11. Scroll down and click on Next at the bottom of the screen.

  12. You will now be taken to the Set rule settings screen where just leave everything as it is and click Next. You will be taken to the Review and finish screen -> Click Finish.

Important Note: The mail flow or transport policies in Exchange/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.

Set up Bypassing Safe Link using Mail flow rule

  1. Go to Exchange Admin Center -> On the left menu click on Mail Flow -> Click on Rules.

  2. Click on +Add Rule.

  3. Below the Name section -> give a name something like "RightHand - Bypass Safe Links".

  4. Below the Apply this rule if section-> In the first drop-down select "The senders" and in the second drop-down select "IP address is in any of these ranges or exactly matches"

  5. Enter Right-Hand’s IP address “168.245.54.27” as shown below.

  6. Below the "Do the following" section-> In the first drop-down select "Modify the message properties" and in the second drop-down select “Set a message header”.

  7. Now two “Enter text” fields will appear below those drop-downs. Click on the first "Enter text" field that is next to the text “set the message header” and type “X-MS-Exchange-Organization-SkipSafeLinksProcessing” (without quotes) in the text-box and hit Save.

  8. Click on the second "Enter text" field that is next to the text “Value” and type “1” (without quotes) in the text-box and hit Save.

  9. Scroll down and click on Next at the bottom of the screen.

  10. You will now be taken to the Set rule settings screen where just leave everything as it is and click Next. You will be taken to the Review and finish screen -> Click Finish.

Important Note: The mail flow or transport policies in Exchange/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.

Set up Bypassing Safe Attachments Processing using Mail flow rule

  1. Go to Exchange Admin Center -> On the left menu click on Mail Flow -> Click on Rules.

  2. Click on +Add Rule.

  3. Below the Name section -> give a name something like "RightHand - Bypass Safe Attachments".

  4. Below the Apply this rule if section-> In the first drop-down select "The senders" and in the second drop-down select "IP address is in any of these ranges or exactly matches".

  5. Enter Right-Hand’s IP address “168.245.54.27” as shown below.

  6. Below the "Do the following" section-> In the first drop-down select "Modify the message properties" and in the second drop-down select “Set a message header”.

  7. Now two “Enter text” fields will appear below those drop-downs. Click on the first "Enter text" field that is next to the text “set the message header” and type “X-MS-Exchange-Organization-SkipSafeAttachmentProcessing” (without quotes) in the text-box and hit Save.

  8. Click on the second "Enter text" field that is next to the text “Value” and type “1” (without quotes) in the text-box and hit Save.

  9. Scroll down and click on Next at the bottom of the screen.

  10. You will now be taken to the Set rule settings screen where just leave everything as it is and click Next. You will be taken to the Review and finish screen -> Click Finish.

Important Note: The mail flow or transport policies in Exchange/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.

On Microsoft 365 Defender Portal

https://security.microsoft.com/

Set up IP Allow List

  1. Go to Microsoft 365 Defender Portal -> On the left menu click on Email & collaboration -> Click on Policies & rules -> click on Threat Policies.

  2. Under Policies Section click on Anti-spam.

  3. In the Anti-spam policies page, click Connection filter policy (Default).

  4. In the Connection filter policy (Default) page, click Edit connection filter policy.

  5. In the Edit connection filter policy screen, under “Always allow messages from the following IP addresses or address range:” field -> add RightHand’s IP address 168.245.54.27 -> click Save -> click Close.

Important Note: The Anti-spam policies in Defender/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.

Set up Bypassing Safe Links using Safelinks rule

  1. Go to Microsoft 365 Defender Portal -> On the left menu click on Email & collaboration -> Click on Policies & rules -> click on Threat Policies.

  2. Under Policies Section click on Safe Links -> Click on + Create.

  3. Give a name something like "RightHand - Bypass Safe Links" -> click on Next.

  4. Under the Users and Domains section go to the Domains field and include all of your applicable company domains where you are expecting to receive emails from Right-Hand. For example, if your company name is Acme then usually your company domains will be something like acme.main.onmicrosoft.com, acme.onmicrosoft.com etc. -> click Next.

  5. In the URL & click protection settings section scroll down to “Do not rewrite the following URLs in email” section → click on Manage 0 URLs → Add the following URLs as shown below -> click Done.

    *.right-hand.ai/*

    *.bankng-login.com/*

    *.linktologin.com/*

    *.inbox-login.com/*

    *.linktosso.com/*

    *.ssotowebsite.com/*

    *.login-sso.com/*

    *.verified-login.com/*

    *.authupdate.com/*

    *.resetlogin.com/*

    *.account-protect.me/*

    *.discountOffer.com/*

    *.grnaill.com/*

    *.mailboxaccess.com/*

    *.rnicrosoftlogin.com/*

    *.linkdinapp.com/*

Important Note: The checkboxes under URL & click protection settings should be checked based on your discretion and according to your organization's security policies.

6. Now keep the rest of the options as shown below and click on Next.

7. Keep the Notification option to Default and click Next.

8. On the Review screen, match the details as shown below and click on Submit.

Important Note: The Safe links policies in Defender/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.

Set up Advanced Delivery

  1. Go to Microsoft 365 Defender Portal -> On the left menu click on Email & collaboration -> Click on Policies & rules -> click on Threat Policies.

  2. Under Rules Section click on Advanced Delivery -> Click on Phishing Simulation Tab -> Click Edit.

  3. In the Sending Domain field add the below domains and in the Sending IP field add 168.245.54.27.

    right-hand.ai

    bankng-login.com

    linktologin.com

    inbox-login.com

    linktosso.com

    ssotowebsite.com

    login-sso.com

    verified-login.com

    authupdate.com

    resetlogin.com

    account-protect.me

    discountOffer.com

    grnaill.com

    mailboxaccess.com

    rnicrosoftlogin.com

    linkdinapp.com

  4. Click Save.

Important Note: The Phishing simulations policies in Defender/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.

Did this answer your question?