To ensure seamless delivery of Right-Hand’s cybersecurity training and phishing simulation emails, it's important to configure your Microsoft 365 environment to recognize and allow our communications. This guide provides step-by-step instructions for setting up mail flow rules and security policies in both the Microsoft Exchange Admin Center and Microsoft 365 Defender Portal.
By following these steps, you’ll ensure our messages bypass spam filters, clutter filtering, Safe Links, and Safe Attachments processing. You’ll also whitelist Right-Hand’s IP addresses and domains to prevent any disruptions. Please be sure to review the priority of your mail flow rules to avoid conflicts with existing policies.
On Microsoft Exchange Admin Center
On Microsoft Exchange Admin Center
Whitelist IP using Mail Flow Rules
Whitelist IP using Mail Flow Rules
Note: You can either watch the video or follow the steps below.
Tutorial video for bypassing spam filtering & clutter filtering
Table of contents
Set up Bypassing Spam Filtering using Mail Flow Rule
Please follow the steps below to set up the rule.
Go to Exchange Admin Center -> On the left menu, click on Mail Flow -> Click on Rules.
Click on +Add Rule.
Below the Name section -> give a name, such as "RightHand - Bypass Spam Filtering".
Below the Apply this rule if section-> In the first drop-down select "The senders" and in the second drop-down select "IP address is in any of these ranges or exactly matches".
Enter Right-Hand’s IP addresses “168.245.54.27”, "52.74.95.172" and "149.72.49.118" as shown below.
Below the "Do the following" section-> In the first drop-down select "Modify the message properties" and in the second drop-down select “Set a message header”.
Now two “Enter text” fields will appear below those drop-downs. Click on the first "Enter text" field that is next to the text “set the message header” and type “X-Forefront-Antispam-Report” (without quotes) in the text-box and hit Save.
Click on the second "Enter text" field that is next to the text “Value” and type “SFV:SKI;CAT:NONE” (without quotes) in the text-box and hit Save.
Scroll down and click on Next at the bottom of the screen.
You will now be taken to the Set rule settings screen where just leave everything as it is and click Next. You will be taken to the Review and finish screen -> Click Finish.
Important Note: The mail flow or transport policies in Exchange/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.
Set up ByPass Clutter Filtering using a Mail Flow Rule.
Go to Exchange Admin Center -> On the left menu, click on Mail Flow -> Click on Rules.
Click on +Add Rule.
Below the Name section, enter a name, such as "RightHand - Bypass Clutter Filtering".
Below the Apply this rule if section-> In the first drop-down select "The senders" and in the second drop-down select "IP address is in any of these ranges or exactly matches".
Enter Right-Hand’s IP address “168.245.54.27”, "52.74.95.172" and "149.72.49.118" as shown below.
Below the "Do the following" section-> In the first drop-down select "Modify the message properties" and in the second drop-down select “Set a message header”.
Now, two “Enter text” fields will appear below those drop-downs. Click on the first "Enter text" field that is next to the text “set the message header” and type “X-MS-Exchange-Organization-BypassClutter” (without quotes) in the text box and hit Save.
Click on the second "Enter text" field that is next to the text “Value” and type “true” (without quotes and in lower case) in the text box and hit Save.
Now add a new action by clicking on the ➕ icon next to the set a message header drop-down as highlighted below. You will see a new section will appear with the heading And and with two drop-downs.
In the first drop-down select "Modify the message properties" and in the second drop-down select “Set the spam confidence level (SCL)”. You will now see a screen called specify SCL -> Select the option “Bypass spam filtering” from the drop-down -> Click Save. You will see the spam confidence level (SCL) is set to '-1'.
Scroll down and click on Next at the bottom of the screen.
You will now be taken to the Set rule settings screen where just leave everything as it is and click Next. You will be taken to the Review and finish screen -> Click Finish.
Important Note: The mail flow or transport policies in Exchange/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.
Note: You can either watch the video or follow the steps below.
Tutorial video to bypass safe links & attachments processing
Set up Bypassing Safe Link using Mail Flow Rule
Please follow the steps below to set up the rules.
Go to Exchange Admin Center -> On the left menu click on Mail Flow -> Click on Rules.
Click on +Add Rule.
Below the Name section, enter a name, such as "RightHand - Bypass Safe Links".
Below the Apply this rule if section-> In the first drop-down select "The senders" and in the second drop-down select "IP address is in any of these ranges or exactly matches"
Enter Right-Hand’s IP address “168.245.54.27”, "52.74.95.172" and "149.72.49.118" as shown below.
Below the "Do the following" section-> In the first drop-down select "Modify the message properties" and in the second drop-down select “Set a message header”.
Now two “Enter text” fields will appear below those drop-downs. Click on the first "Enter text" field that is next to the text “set the message header” and type “X-MS-Exchange-Organization-SkipSafeLinksProcessing” (without quotes) in the text-box and hit Save.
Click on the second "Enter text" field that is next to the text “Value” and type “1” (without quotes) in the text-box and hit Save.
Scroll down and click on Next at the bottom of the screen.
You will now be taken to the Set rule settings screen where just leave everything as it is and click Next. You will be taken to the Review and finish screen -> Click Finish.
Important Note: The mail flow or transport policies in Exchange/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.
Set up Bypassing Safe Attachments Processing using Mail Flow Rule
Go to Exchange Admin Center -> On the left menu click on Mail Flow -> Click on Rules.
Click on +Add Rule.
Below the Name section -> give a name something like "RightHand - Bypass Safe Attachments".
Below the Apply this rule if section-> In the first drop-down select "The senders" and in the second drop-down select "IP address is in any of these ranges or exactly matches".
Enter Right-Hand’s IP address “168.245.54.27”, "52.74.95.172" and "149.72.49.118"as shown below.
Below the "Do the following" section-> In the first drop-down select "Modify the message properties" and in the second drop-down select “Set a message header”.
Now two “Enter text” fields will appear below those drop-downs. Click on the first "Enter text" field that is next to the text “set the message header” and type “X-MS-Exchange-Organization-SkipSafeAttachmentProcessing” (without quotes) in the text-box and hit Save.
Click on the second "Enter text" field that is next to the text “Value” and type “1” (without quotes) in the text-box and hit Save.
Scroll down and click on Next at the bottom of the screen.
You will now be taken to the Set rule settings screen where just leave everything as it is and click Next. You will be taken to the Review and finish screen -> Click Finish.
Important Note: The mail flow or transport policies in Exchange/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.
Whitelist custom email headers using mail flow rules.
Whitelist custom email headers using mail flow rules.
This section explains how to ensure essential emails from Right-Hand don’t end up in your spam, junk, or Clutter folders in Microsoft 365. By setting up some simple rules in the Exchange Admin Center, you can tell the system to always trust these messages based on a special code (called a "custom header") provided by Right-Hand. Following the steps ensures these emails are delivered directly to inboxes without being filtered out. Just ensure the rules are prioritized so they work correctly and aren’t overridden by other settings.
Table of contents
Bypass Clutter and Spam Filtering by email header
Please follow the below steps.
Sign in to your Exchange Admin Center.
Go to Mail flow, then select Rules.
Click Add a rule and then, Create a new rule.
On the "Set rule conditions" page, assign a descriptive name to the rule, such as "Bypass Clutter and Spam Filtering by Email Header".
In the "Apply this rule if" options, choose "The message headers..." and "includes any of these words".
6. Click Enter text, then enter the custom header name that was shared by Right-Hand, and then click Save.
You can ask for the custom header, which is associated to your company tenant in cyberready from your customer success manager. Alternatively you can mail to [email protected] to get the same. The header has the following format:
X-RHS-TID-<unique hash>
7. Click Enter words and enter the hash value inside the header, then click Add and Save.
8. In the "Do the following" options, select "Modify the message properties" and select the "spam confidence level (SCL)."
9. In the "specify SCL" pop-up window, select "Bypass spam filtering" and then click on Save.
10. Next to the "Do the following" fields, click the plus icon.
11. In the "And" fields, choose "Modify the message properties" and select "set a message header."
12. In the initial "Enter text" field on the left, input "X-MS-Exchange-Organization-BypassClutter" and click Save.
13. Click the second Enter text on the right, then enter "true" and click Save.
14. Click Next.
15. When you're on the Set rule settings page, simply click "Next" to proceed. Typically, it's advised to stick with the default settings unless you have a specific reason to change them. This helps maintain consistency and ensures that the system operates smoothly.
16. On the final Review and finish page, click Finish.
Important Note: The mail flow or transport policies in Exchange/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that its execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.
Bypass the Junk Folder in Microsoft 365
Sign in to your Exchange Admin Center.
Go to Mail flow, then select Rules.
Click Add a rule and then, Create a new rule.
Add the rule a name, as "Right-Hand - Skip Junk Filtering".
In the "Apply this rule if" section, opt for "The message headers..." and then select "includes any of these words".
Click Enter text, then enter the custom header name that was shared by Right-Hand, and then click Save.
Click Enter words and enter the hash value within the header provided to you, then click Add and Save.
In the "Do the following" options, select "Modify the message properties" and select the "spam confidence level (SCL)."
In the "specify SCL" pop-up window, select "Bypass spam filtering" and then click on Save.
Next to the "Do the following" fields, click the plus icon.
In the "And" fields, choose "Modify the message properties" and select "set a message header."
In the initial "Enter text" field on the left, input "X-Forefront-Antispam-Report" and click Save.
In the second "Enter text" field on the right, input "SFV:SKI;CAT:NONE;". For further details on this header, refer to Microsoft's article on Anti-spam message headers in Microsoft 365. It's important to note that this field is case-sensitive.
Click Next.
When you're on the Set rule settings page, simply click "Next" to proceed. Typically, it's advised to stick with the default settings unless you have a specific reason to change them. This helps maintain consistency and ensures that the system operates smoothly.
On the final Review and finish page, click Finish.
Please note: Modify the rule's priority so that it comes right after the rule you established in the previous section.
Bypass Safe Links Using Custom Email Header
Sign in to your Exchange Admin Center.
Go to Mail flow, then select Rules.
Click Add a rule and then, Create a new rule.
Add the rule a name, as "Right-Hand - Bypass Safe Links".
In the "Apply this rule if" section, opt for "The message headers..." and then select "includes any of these words".
Click Enter text, enter the custom header name that Right-Hand shared, and click Save.
Click Enter words and enter the hash value within the header provided to you, then click Add and Save.
In the "Do the following" options, choose "Modify the message properties" and select "set a message header."
In the initial "Enter text" field on the left, input "X-MS-Exchange-Organization-SkipSafeLinksProcessing" and click Save.
Click the second Enter text on the right, then enter "true" and click Save.
11. Click Next.
12. When you're on the Set rule settings page, simply click "Next" to proceed. Typically, it's advised to stick with the default settings unless you have a specific reason to change them. This helps maintain consistency and ensures that the system operates smoothly.
On the final Review and finish page, click Finish.
Please note: Modify the rule's priority to come right after the rule you established in the previous section.
Bypass Safe Attachments Using Custom Email Header
Sign in to your Exchange Admin Center.
Go to Mail flow, then select Rules.
Click Add a rule and then, Create a new rule.
Add the rule a name, as "Right-Hand - Skip Safe Attachments".
In the "Apply this rule if" section, opt for "The message headers..." and then select "includes any of these words".
Click Enter text, enter the custom header name that Right-Hand shared, and click Save.
Click Enter words and enter the hash value within the header provided to you, then click Add and Save.
In the "Do the following" options, choose "Modify the message properties" and select "set a message header."
In the initial "Enter text" field on the left, input "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing" and click Save.
Click the second Enter text on the right, then enter "true" and click Save.
11. Click Next.
12. When you're on the Set rule settings page, simply click "Next" to proceed. Typically, it's advised to stick with the default settings unless you have a specific reason to change them. This helps maintain consistency and ensures that the system operates smoothly.
On the final Review and finish page, click Finish.
Please note: Modify the rule's priority to come right after the rule you established in the previous section.
Quarantined Emails? Whitelist RH Domains
Go to Microsoft 365 Defender Portal -> On the left menu click on Email & collaboration -> Click on Policies & rules -> click on Threat Policies.
Under Policies Section click on Anti-spam.
In the Anti-spam policies page, click Anti-spam inbound policy (Default).
Scroll to the bottom of the Anti-spam inbound policy (Default) page, click Edit allowed and blocked senders and domains.
Click Allow Domains > Add domains and add all Right-Hand Domains here. Click Done.
Important Note: The Anti-spam policies in Defender/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.
On Microsoft 365 Defender Portal
On Microsoft 365 Defender Portal
Table of contents
Set up IP Allow List
Go to Microsoft 365 Defender Portal -> On the left menu click on Email & collaboration -> Click on Policies & rules -> click on Threat Policies.
Under Policies Section click on Anti-spam.
In the Anti-spam policies page, click Connection filter policy (Default).
In the Connection filter policy (Default) page, click Edit connection filter policy.
In the Edit connection filter policy screen, under “Always allow messages from the following IP addresses or address range:” field -> add RightHand’s IP address 168.245.54.27, 52.74.95.172 and 149.72.49.118-> click Save -> click Close.
Important Note: The Anti-spam policies in Defender/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.
Set up Bypassing Safe Links using Safelinks rule
Go to Microsoft 365 Defender Portal -> On the left menu click on Email & collaboration -> Click on Policies & rules -> click on Threat Policies.
Under Policies Section click on Safe Links -> Click on + Create.
Give a name something like "RightHand - Bypass Safe Links" -> click on Next.
Under the Users and Domains section go to the Domains field and include all of your applicable company domains where you are expecting to receive emails from Right-Hand. For example, if your company name is Acme then usually your company domains will be something like acme.main.onmicrosoft.com, acme.onmicrosoft.com etc. -> click Next.
In the URL & click protection settings section scroll down to “Do not rewrite the following URLs in email” section → click on Manage 0 URLs → Add the URLs as listed in the Whitelisting best practices article -> click Done.
Important Note: The checkboxes under URL & click protection settings should be checked based on your discretion and according to your organization's security policies.
6. Now keep the rest of the options as shown below and click on Next.
7. Keep the Notification option to Default and click Next.
8. On the Review screen, match the details as shown below and click on Submit.
Important Note: The Safe links policies in Defender/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.
Note: You can either watch the video or follow the steps below.
Tutorial Video to set up advanced delivery policies
Set up Advanced Delivery
Please follow the steps below to set up the policy.
Go to Microsoft 365 Defender Portal -> On the left menu click on Email & collaboration -> Click on Policies & rules -> click on Threat Policies.
Under Rules Section click on Advanced Delivery -> Click on Phishing Simulation Tab -> Click Edit.
In the Sending IP field add
168.245.54.27
52.74.95.172
149.72.49.118In the Sending Domain field, add the domains listed in the Whitelisting best practices article.
Click Save.
Important Note: The Phishing simulations policies in Defender/O365 are executed based on the priorities (execution priorities) set for the rule so please ensure that the priority for this rule is set in a way that it's execution is not prevented or skipped due the presence of another contradicting rule at a higher execution priority which may surpass the purpose of this rule.