HowTo: Allow-List CyberHoot’s AttackPhish Simulation Servers in M365

Detailed Instructions From Microsoft:

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide

Once you click the link above, follow the instructions under the “Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy” heading.

Detailed Instructions From CyberHoot:

Allow-List by X-Header in M365

Once you click the link above, make sure to follow all the steps from beginning to end of the page. Also make sure to get the most up-to-date list of CyberHoot servers below.

CyberHoot’s Email-Relay IP Addresses

The required IP address and Domain name information is found in this HowTo article:

CyberHoot Email-Relay IP Addresses, Domains, and Allow-Listing Articles

*If you are planning on sending AttackPhish simulation tests to your clients, you will need to have them allow-list all our email relays shown in the list.