Troubleshoot email allowlisting for Microsoft Defender

This topic provides solutions to issues with email allowlisting for Microsoft Defender.

False-positive phishing simulation clicks or alerts

Possible cause: If you use Microsoft 365 Defender for your Office 365 mail environment and experience false clicks, the link processing rules in Defender for Office 365 are causing the issue.

Note:

If you are not sure whether you use Microsoft 365 Defender, see Microsoft Feature Matrix for more information.

Resolution: Set up additional mail flow rules that allow you to bypass Safe Links:

  1. In the Microsoft 365 Defender menu, click Policies & Rules > Threat policies.
  2. In the Policies section, find the Safe Links subsection.

    If you see text that indicates Safe Links is a premium-only feature or is otherwise not available, you have Microsoft 365 Defender Office 365 Plan 1.

    Based on your Microsoft 365 Defender Office 365 plan, allowlist the MA IP addresses using one or both of these actions:

    Note:

    If you use both plans, configure your allowlist for both plans.