What is Microsoft Direct Delivery?

How to bypass email delivery issues by enabling Microsoft Direct Delivery on your account.

 

Direct Delivery allows you to place messages directly into a Microsoft user's inbox (using Microsoft Graph), without needing to send an email from a mail server. This allows you to bypass any delivery issues when conducting simulated phishing tests.

This article covers the two ways your team can set up Microsoft Direct Delivery:
  1. Setting Up with Single Microsoft Instance Accounts
    Best for customers with one Microsoft Account, i.e. single companies.
  2. Setting Up with Multiple Microsoft Instance Accounts
    Best for co-managed instances where multiple Microsoft Accounts are being synced.

Setting Up Direct Delivery - Single Microsoft Instance Accounts

Navigate to Administration > Settings > Mail Settings > Direct Delivery tab.

The recipient email addresses must exist within the Azure tenant where Direct Delivery is enabled; otherwise they will not receive the mail. When you have this feature enabled at the account setting level, the Direct Delivery option must still be toggled to YES when creating a Campaign in order to apply Direct Delivery to that campaign.

To enable Direct Delivery, click the "Enable Direct Delivery" button. The following permissions will be requested:

  • Read all users' full profiles
  • Read mail in all mailboxes
  • Read and write mail in all mailboxes
  • Sign in and read user profile

NOTE: These permissions grant access to read, modify or delete emails. However, Direct Delivery will never interface with inboxes to read, modify, or delete emails. These permissions are only used to deliver mail to inboxes.

Click the "Accept" button to grant these permissions. To disable Direct Delivery, click the "Disable Direct Delivery" button.

Now you can apply Direct Delivery on a phishing campaign:

When creating a phishing campaign, at the Review section in the Campaign Wizard, toggle YES on the "Direct Delivery" option to inject emails rather than using conventional email sending. Click Finish.

Setting Up Direct Delivery - Multiple Microsoft Instance Accounts

Navigate to Targets/Groups > Manage Groups > Edit (on individual group).

Next, go to the Direct Delivery tab.

The recipient email addresses must exist within the Azure tenant where Direct Delivery is enabled; otherwise they will not receive the mail. When a Hook Security group has Direct Delivery enabled, campaigns will automatically attempt to send simulated phishing and training emails to targets in the group using Direct Delivery.

To enable Direct Delivery, click the "Enable Direct Delivery" button. The following permissions will be requested:

  • Read all users' full profiles
  • Read mail in all mailboxes
  • Read and write mail in all mailboxes
  • Sign in and read user profile

Click the "Accept" button to grant these permissions. To disable Direct Delivery, click the "Disable Direct Delivery" button.
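
Both setup paths request the same four permissions. One way to confirm after consent that the tenant granted exactly those and nothing more is sketched below as an added example (not Hook Security's code). It assumes you have exported the app's appRoleAssignments and oauth2PermissionGrants and the Microsoft Graph service principal from your tenant; the data shown is constructed and the GUIDs are placeholders.

```python
# Added example: compare a consent grant with the four permissions this article lists.
# All data is constructed and shaped like Microsoft Graph responses; GUIDs are placeholders.
EXPECTED = {
    "Read all users' full profiles",
    "Read mail in all mailboxes",
    "Read and write mail in all mailboxes",
    "Sign in and read user profile",
}

def _id(n):  # placeholder GUID builder (hypothetical helper)
    return f"00000000-0000-0000-0000-{n:012d}"

# Constructed excerpt of the Microsoft Graph service principal's permission catalogue.
GRAPH_SP = {
    "appRoles": [
        {"id": _id(1), "displayName": "Read all users' full profiles"},
        {"id": _id(2), "displayName": "Read mail in all mailboxes"},
        {"id": _id(3), "displayName": "Read and write mail in all mailboxes"},
        {"id": _id(4), "displayName": "Send mail as any user"},
    ],
    "oauth2PermissionScopes": [
        {"value": "User.Read", "adminConsentDisplayName": "Sign in and read user profile"},
    ],
}
# Constructed: the app's appRoleAssignments (application permissions).
ASSIGNMENTS = [{"appRoleId": _id(n)} for n in (1, 2, 3, 4)]
# Constructed: the app's oauth2PermissionGrants (delegated permissions).
GRANTS = [{"consentType": "AllPrincipals", "scope": "User.Read"}]

def granted_names(graph_sp, assignments, grants):
    """Resolve role IDs and scope values to the display names shown at consent."""
    roles = {r["id"]: r["displayName"] for r in graph_sp["appRoles"]}
    scopes = {s["value"]: s["adminConsentDisplayName"]
              for s in graph_sp["oauth2PermissionScopes"]}
    names = {roles.get(a["appRoleId"], f"unknown role {a['appRoleId']}")
             for a in assignments}
    for g in grants:
        names.update(scopes.get(v, f"unknown scope {v}") for v in g["scope"].split())
    return names

def audit(graph_sp, assignments, grants, expected=EXPECTED):
    """Return permissions granted beyond the documented set, and documented ones absent."""
    granted = granted_names(graph_sp, assignments, grants)
    return {"unexpected": sorted(granted - expected),
            "missing": sorted(expected - granted)}

if __name__ == "__main__":
    print(audit(GRAPH_SP, ASSIGNMENTS, GRANTS))
```

Any entry under "unexpected" is a permission the app holds that this article does not list and is worth reviewing before leaving the consent in place.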