Managed Security Awareness AllowListing

Configuration Guide

Overview

Arctic Wolf Managed Security Awareness® (MA) sends your employees notifications and links to sessions through email several times a month. To ensure that your employees receive their ongoing awareness sessions, quizzes, and phishing simulation emails, you may need to AllowList emails coming from the MA system.

This document outlines how to edit your AllowList rules to enable MA communications for:

See the Managed Security Awareness section of Arctic Wolf IP Addresses for a complete list of IP addresses and message headers that you must add to your AllowList for the MA service.

Microsoft AllowList options

The following sections outline how to AllowList MA IP addresses and bypass certain email filters in Microsoft services.

Configuring your AllowList in Microsoft 365

In Microsoft 365, you can use mail flow rules to allow emails from trusted senders using a message header or a trusted IP address.

To AllowList the MA IP address:

  1. Open the Security & Compliance Center.

  2. In the navigation pane, select Threat Management > Policy.

  3. Under Policies, select Anti-spam.

  4. In the Name column, look for the Connection filter policy and click the arrow to expand the row.

  5. Click Edit policy.

  6. Under Always accept messages from the following IP addresses, click Edit.

  7. Enter the MA IP address into the text box, and then click the plus sign to add it.

    Tip: See the Managed Security Awareness section of Arctic Wolf IP Addresses for the IP address.

  8. Click Save.

  9. Select the Turn on safe list check box, and then click Save.

You have now successfully added the MA IP address to your Microsoft 365 AllowList. For more information about these configuration settings, see Create safe sender lists in EOP on the Microsoft website.

Configuring your AllowList in Microsoft Exchange

To AllowList the MA IP address in Microsoft Exchange:

  1. Sign in to your Microsoft Outlook administrative portal.

  2. Under Apps, click Admin.

  3. In the navigation pane, under Admin centers click Exchange.

  4. Under protection, click connection filter.

  5. Select the pencil to edit the default connection filter policy.

  6. In the sidebar, click connection filtering.

  7. Under IP Allow list, click +.

  8. On the Add allowed IP address page, enter the MA IP address.

    Tip: See the Managed Security Awareness section of Arctic Wolf IP Addresses for the IP address.

  9. Click OK, and then click Save.

You have now successfully added the MA IP address to your Microsoft Exchange AllowList. You can optionally add bypass clutter and spam filtering, following the instructions in Bypassing clutter and spam filtering in Microsoft Exchange.

Bypassing clutter and spam filtering in Microsoft Exchange

To bypass clutter and spam filtering in Microsoft Exchange:

  1. Sign in to your Microsoft Outlook administrative portal.

  2. Under Apps, click Admin.

  3. In the navigation pane, under Admin centers click Exchange.

  4. In the sidebar, select mail flow.

  5. In the rules tab, click + to expand the menu, and then click Bypass spam filtering.

  6. Enter a name such as Bypass clutter and spam filtering by IP address into the Name textbox.

  7. In the Apply this rule if menu, select The sender > IP address is any of these ranges or exactly matches.

  8. Enter the MA IP address in the text box, and then click OK.

    Tip: See the Managed Security Awareness section of Arctic Wolf IP Addresses for the IP address.

  9. In the Do the following menu, select Modify the message properties > set a message header.

  10. Click Enter text to set the message header, and then enter X-ArcticWolf.

    Tip: This field is case sensitive.

  11. Click OK.

  12. After to the value, click Enter text to set the value, and then enter Arctic Wolf.

  13. Click OK.

  14. Click add action, and in the Do the following menu, select Modify the message properties > Set the spam confidence level (SCL) to > Bypass spam filtering.

  15. Click Save.

You have now successfully added the MA IP address to bypass clutter and spam filtering. You can optionally add Junk folder bypass following the instructions in Bypassing the Junk folder in Microsoft 365.

Bypassing the Junk folder in Microsoft 365

To bypass the Junk folder in Microsoft 365:

Note: This rule allows simulated phishing emails from MA to bypass the Junk folder to ensure that your users receive them.

  1. Sign in to your Microsoft Outlook administrative portal.

  2. Under Apps, click Admin.

  3. In the navigation pane, under Admin centers click Exchange.

  4. In the sidebar, select mail flow.

  5. In the rules tab, click + to expand the menu, and then click Bypass spam filtering.

  6. Enter a name such as Arctic Wolf junk filter into the Name textbox.

  7. In the Apply this rule if menu, select The Sender > IP address is any of these ranges or exactly matches.

  8. Enter the MA IP address in the text box, and then click OK.

    Tip: See the Managed Security Awareness section of Arctic Wolf IP Addresses for the IP address.

  9. In the Do the following menu, select Modify the message properties > set a message header.

  10. Click Enter text to set the message header, and then enter X-ArcticWolf.

  11. Click OK.

  12. After to the value, click Enter text to set the value, and then enter Arctic Wolf.

  13. Click OK.

  14. Click Save.

  15. Under Properties of this rule, set the Priority value to the same value as you did in Bypassing clutter and spam filtering in Microsoft Exchange.

You have now successfully added the MA IP address to bypass the Junk folder.

Google AllowList options

The following sections outline how to AllowList MA IP addresses and email headers in Google services.

Configuring your AllowList in Google Workspace

To AllowList the MA IP address in Google Workspace:

  1. Sign in to the Google admin console.

  2. Click Apps and then click Google Workspace from the list.

  3. Click Gmail.

  4. Click Advanced Settings to expand it.

  5. Enter the MA IP address into the Email Allow List text box.

    Tip: See the Managed Security Awareness section of Arctic Wolf IP Addresses for the IP address.

  6. Click Save.

You have now successfully added the MA IP address to your Google Workspace AllowList. You can optionally add header filtering following the instructions in Configuring header filtering in Google Workspace.

Configuring header filtering in Gmail

To configure Gmail to allow MA headers:

  1. Sign in to the Google admin console.

  2. Click Apps and then click Google Workspace from the list.

  3. Click Gmail.

  4. Click Compliance to expand it.

  5. Under Objectionable Content, click Configure.

  6. Select Name the content > Inbound > Add custom headers.

  7. Enter the header values for MA.

    Tip: See the Managed Security Awareness section of Arctic Wolf IP Addresses for all header values.

  8. Select Bypass spam filter for this message

  9. Click Save.

You have now successfully added the Arctic Wolf headers to your Gmail settings.

Configuring a Mimecast Permitted Sender policy

To create a new Permitted Sender policy in your Mimecast settings to allow MA phishing and training-related emails into user inboxes:

Note: You must create a new Permitted Sender policy for this process. Do not edit the default Permitted Sender policy.

  1. Sign in to the Mimecast Administration Console.
  2. Click Administration in the toolbar, and then select Gateway > Policies.
  3. From the list, select Permitted Senders.
  4. Click New Policy, and then configure these settings for the policy:
    • Enter a name for the policy, such as Arctic Wolf Managed Awareness.
    • Select Permit sender for the permitted sender policy.
    • In the Addresses Based On list, select The Return Address (Email Envelope Form).
    • In the Applies From list, select Everyone.
    • In the Specifically textbox, enter Applies to Everyone.
    • In the Enable / Disable list, select Enable.
    • In the Set policy as perpetual list, select Always On.
    • In the Date Range list, select All Time.
    • Verify that Policy Override is selected.
    • Do not select Bi Directional.
    • In the Source IP Ranges text box, enter the MA IP address.

      Tip: See the Managed Security Awareness section of Arctic Wolf IP Addresses for the IP address.

  5. Save the policy.

You have now successfully created a new Permitted Sender policy for your Mimecast email settings. We recommend configuring a test campaign with a small number of users to ensure that the policy works as intended, before sending a campaign to all your users.

For more information about Mimecast policy options, see the Mimecast Knowledge Base.

Configuring your AllowList in Barracuda

To AllowList the MA IP address in Barracuda, follow the Barracuda block list instructions on the Barracuda website.