Microsoft Safelisting
      Back to home
      1. Help Center
      2. Getting Started
      3. Microsoft Safelisting

      How do I bypass Office 365 Advanced Threat Protection Rules?

      Bypassing safe links and attachment processing for simulated phishing emails from Hook Security's testing platform can be done by setting up additional mail flow rules.

      Advanced Threat Protection (ATP) has link processing and attachment processing rules, which will cause false clicks and false attachment opens to be reported in your mail environment. 

      How to Add ATP Link Bypassing Rules (Mail Flow Rule)

      Follow the below steps to set up a mail flow rule for bypassing APT link processing:

      1. Login to your Exchange/Office Admin center and make a new mail flow rule.
      2. Give the rule an intuitive name, like “ATP Link Bypass”
      3. Click on More options…
      4. Click the Apply this rule if… drop-down.
      5. Select The senders.
      6. Select IP address is in any of these ranges or exactly matches.
      7. Enter the Hook Security IP addresses. (For a list of our IP addresses, see below) 
        1. 64.191.166.196
          64.191.166.197
          198.61.254.6
          54.80.160.189
          64.191.166.198
          54.88.246.212
          54.240.70.101
          54.240.70.102
      1. Click on the Do the following… drop-down.
      2. Select Modify the message properties…
      3. Select set a message header.
      4. Click on the link that says *Enter text… Then, set the message header to: 'X-MS-Exchange-Organization-SkipSafeLinksProcessing'
      5. Click the second link that says *Enter text… Set the value to: '1'
      6. Click on Save.

      How to add ATP Attachment Bypassing Rules

      Follow these steps to set up an ATP Attachment Bypassing Rule:

      1. First, create a new mail flow rule in your Exchange/Office Admin center (see the above steps).
      2. Give the rule an intuitive name, like “ATP Attachments Bypass”.
      3. Click on more options.
      4. Click on the Apply this rule if… drop-down.
      5. Choose The senders.
      6. Select IP address is in any of these ranges or exactly matches.
      7. Enter portal’s IP address. (For a list of our IP addresses, see this article.)
      8. Click on the Do the following… drop-down.
      9. Select the Modify the message properties… option.
      10. Select the set a message header.
      11. Click on the first *Enter text… link.
      12. Set the message header to: 'X-MS-Exchange-Organization-SkipSafeAttachmentProcessing'
      13. Click on the second *Enter text… link and set the value to: 1
      14. Click on Save.

      Please allow an hour for the rules to take effect.