Microsoft Defender Whitelist Domain and IP Addresses, Previously Called Bypass Spam Filter in Online Exchange

In the ever-evolving landscape of cybersecurity, protecting organisations from spam, phishing attempts, and malicious emails is paramount. Microsoft Defender for Office 365, formerly known as Office 365 Advanced Threat Protection (ATP), offers robust tools to safeguard against such threats. One of its key features is Anti-Spam Policies, which allow administrators to configure settings to filter out unwanted emails effectively.

Central to this configuration is the ability to whitelist trusted domains and IP addresses, ensuring legitimate communication isn't inadvertently blocked. In this short tutorial, we'll outline the methods you can use to Whitelist both Domains and IP Addresses using Microsoft Defender Anti-Spam Policies.

We had to implement this recently for a few of our clients to allow some IPs and domains that were used with a Cyber Training for staff. This used to be achieved via Online Exchange using Bypass Spam Filter within the Rules section. This is no longer available.

Understanding Microsoft Defender Anti-Spam Policies

Microsoft Defender Anti-Spam Policies serve as the front line defense against unsolicited and potentially harmful emails. These policies leverage sophisticated algorithms and threat intelligence to analyse incoming messages and classify them based on their risk level. Administrators can fine-tune these policies to meet the specific needs of their organisation, including whitelisting trusted sources to bypass spam filtering mechanisms.

Whitelisting Domains

Whitelisting domains is a crucial step in ensuring that emails from trusted sources reach their intended recipients without being flagged as spam. Here's how to whitelist domains effectively within Microsoft Defender Anti-Spam Policies:

  1. Access Security Portal: Sign in to the Microsoft 365 Security Portal using your administrative credentials here. This centralised hub provides comprehensive tools for managing security settings across your Microsoft 365 environment.
  2. Expand Email & Collaboration: Within the Security & Compliance Center, click on "Email & Collboration" and click Threat Policies > Anti-Spam > Anti-spam inbound policy. You should see a screen similar to the screenshot below. Follow the instructions within the screenshots below.

Whitelisting IP Addresses

In addition to whitelisting domains, organisations may need to whitelist specific IP addresses to permit communication from trusted servers or networks. Whitelisting IP addresses in Microsoft Defender Anti-Spam Policies follows a similar process and is equally crucial for effective email management. Here's how to whitelist IP addresses:

  1. Access Security Portal: Log in to the Microsoft 365 Security Portal using your administrative credentials here as outlined in the Whitelisting Domains tutorial above.
  2. Expand Email & Collaboration: Within the Security & Compliance Center, click on "Email & Collaboration" and click Threat Policies > Anti-Spam > Connection filter policy. You should see a screen similar to the screenshot below and then Follow the instructions within the screenshots below.

Best Practices for Whitelisting

To maximize the effectiveness of domain and IP address whitelisting in Microsoft Defender Anti-Spam Policies, it's essential to adhere to best practices:

  1. Regular Review: Periodically review and update the whitelist to reflect changes in organizational requirements or trusted sources.
  2. Verification Process: Before adding domains or IP addresses to the whitelist, verify their legitimacy to prevent potential security risks.
  3. Layered Security: Whitelisting should complement other security measures, such as email encryption, attachment scanning, and user awareness training, for comprehensive protection against threats.
  4. Monitoring and Analysis: Monitor email traffic and analyze whitelisted sources for any suspicious activity or anomalies that may indicate security breaches.
  5. User Education: Educate users about the importance of email security, recognising phishing attempts, and reporting suspicious emails to the IT department.

Conclusion

Whitelisting domains and IP addresses in Microsoft Defender Anti-Spam Policies is a critical component of an organisation's defense against email-borne threats. By selectively permitting communication from trusted sources, administrators can minimise the risks associated with spam, phishing, and malware while ensuring legitimate emails reach their intended recipients.

Understanding the procedures involved in whitelisting and adhering to best practices is essential for maintaining a secure and efficient email environment within the organisation. With proper implementation and ongoing vigilance, whitelisting can significantly enhance the security posture of Microsoft 365 deployments, contributing to overall business resilience and continuity.

If you've found this useful, you may want to sign up to our newsletter where you'll receive notices on when we post new articles and helpful "how tos". Just fill out your details below and we'll do the rest…

No Comments Yet.

Leave a comment


Sign up to our newsletter where you’ll receive notices on when we post new articles and helpful “how tos” to make your IT life easier.