lazyadmin.nl Open in urlscan Pro
2606:4700:3034::ac43:a4bc Public Scan

Back to summary

URL:
https://lazyadmin.nl/office-365/whitelist-email-address-office-365/
Submission: On May 21 via manual (May 21st 2024, 7:49:10 pm UTC) from CA — Scanned from NL

Form analysis
3 forms found in the DOM

GET https://lazyadmin.nl/

<form method="get" class="search-form navigation-search" action="https://lazyadmin.nl/">
  <input type="search" class="search-field" value="" name="s" title="Search">
</form>

GET https://lazyadmin.nl/

<form method="get" class="search-form navigation-search" action="https://lazyadmin.nl/">
  <input type="search" class="search-field" value="" name="s" title="Search">
</form>

POST https://lazyadmin.nl/wp-comments-post.php

<form action="https://lazyadmin.nl/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate="">
  <p class="comment-form-comment"><label for="comment" class="screen-reader-text">Comment</label><textarea id="comment" name="comment" cols="45" rows="8" required=""></textarea></p><label for="author" class="screen-reader-text">Name</label><input
    placeholder="Name *" id="author" name="author" type="text" value="" size="30">
  <label for="email" class="screen-reader-text">Email</label><input placeholder="Email *" id="email" name="email" type="email" value="" size="30">
  <label for="url" class="screen-reader-text">Leave Empty</label><input placeholder="Leave Empty " id="url" name="url" type="text" value="" size="30">
  <p class="comment-form-subscriptions"><label for="subscribe-reloaded"><input style="width:30px" type="checkbox" name="subscribe-reloaded" id="subscribe-reloaded" value="yes"> Notify me of followup comments via e-mail. You can also
      <a href="https://lazyadmin.nl/comment-subscriptions/?srp=5867&amp;srk=1ee5dad2be1a3f5b900eccf9b5db9a3b&amp;sra=s&amp;srsrc=f">subscribe</a> without commenting.</label></p>
  <p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="5867" id="comment_post_ID">
    <input type="hidden" name="comment_parent" id="comment_parent" value="0">
  </p>
  <p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="54ef27a49a"></p>
  <p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="203">
    <script type="rocketlazyloadscript">document.getElementById( "ak_js_1" ).setAttribute( "value", ( new Date() ).getTime() );</script>
  </p>
</form>

Text Content

Menu
* Articles
* Home Network
* Office 365
* Microsoft Office 365 Comparison
* PowerShell
* Smart Home
* SysAdmin
* Windows 11
* Blogging
* Tools
* Network Gear
* About
* Newsletter
* Shop
*

HOW TO WHITELIST AN EMAIL ADDRESS IN OFFICE 365

Published January 30, 2022 Last updated March 6, 2024 by Rudy Mens7 Comments

Threat policies in Exchange Online prevent phishing emails and malware from
ending up in the user’s mailbox. But sometimes legitimate emails end up in the
spam folder as well.

Although users can mark them as a safe sender manually in Outlook, sometimes
it’s just easier to do this on a tenant level. In Office 365 we can whitelist an
email address using mail flow rules or by editing the anti-spam policy.

In this article, I will explain how you can use the mail flow rules or anti-spam
policy to whitelist an email address. Also, we will take a look at how to use
PowerShell for this.

WHAT YOU NEED TO KNOW

As mentioned, there are two options to whitelist an email address in Office 365.
The difference between the two is the level of security. The easiest method is
to add the email address to the allowed sender list in the Anti-Spam policy. But
the problem is that emails sent from this address will bypass all security
checks, including SPF and DMARC.

This means that attackers can easily spoof the email address without anybody
noticing it. A more secure (and recommended) option is to use the mail flow
rules. These rules allow us to keep the DMARC check-in place or even check on
specific keywords in the subject.

Adding additional conditions to the mail flow rule ensures that only the
intended sender bypasses the spam filters and attackers are kept out.

OFFICE 365 WHITELIST EMAIL ADDRESS WITH MAIL FLOW RULES

We are first going to take a look at the recommended and most secure way to
whitelist an email address in Office 365. Mail flow rules not only allow us to
warn users of suspicious emails but also allow us to bypass the spam filter.

When creating a mail flow rule, we want to be as specific as possible. So if the
sender always users the same keyword in the subject, then add it to the rule. If
the sender is always using the same server to send the email, then add the IP
Address of that server to the rule. And when possible, check if the DMARC result
was positive.

1. Open the Exchange Admin Center > Expand Mail Flow and click on Rules
2. Add a new rule and select Create a new Rule

3. Give the rule a name, for example, Allow <emailaddress>
4. Apply this rule if > The Sender and select This Person

4. Type the external email address in the Select members field and Select it
from the suggestion box or press enter when you have typed the address.
Click Save when done
* It may look like you can only select internal users, but you can actually
type external email addresses here. Or select an external contact that you
have created in Office 365
* Make sure that you press enter or click on the address to add it.
* You can add multiple email addresses here

5. Under Do the Following select Modify the message properties
6. Set it to Set the spam confidence level (SCL) and choose Bypass spam
filtering

This is the basic rule to whitelist an email address in Microsoft 365. To
improve security and to make sure that the email address isn’t spoofed, we can
add some additional conditions under the Apply this rule if step (click on the +
sign to add additional conditions)

6. The message header > includes any of these words. Filtering on DMARC results
is a good way to prevent spoofing of a whitelisted domain. Add
Authentication-Results under “Enter text” and dmarc=pass and
dmarc=bestguesspass under “Enter words…”
7. The Subject or Body > Subject includes any of these words. This way you can
further filter the emails based on a word in the subject line.

8. Click Next to continue
9. Set the rule mode to Enforce
10. Click Next and Finish to create the rule

You have now successfully whitelisted the email address in Office 365. If you
need to whitelist multiple email addresses then it can be easier to update the
rule with PowerShell. More about that later in the article.

WHITELIST EMAIL IN OFFICE 365

The other and easier to implement option is to add the sender to the allowed
sender list in Office 365. For this, we will need to modify the Anti-Spam policy
which you can find Microsoft 365 Defender.

> Note
>
> Using the allowed sender list and allowed domain list in anti-spam policies is
> the least desired option. Because senders will bypass all protection methods
> (spam, spoof, phishing, SPF, DKIM, DMARC). Use this option only temporarly for
> testing.

1. Open Microsoft 365 Defender
2. Click on Policies and Rules and choose Threat Policies
3. Open the Anti-Spam policies

4. Scroll all the way down in the fly-out and click on Edit allowed and blocked
senders and domains

5. Under Allowed open Manage sender(s)
6. Click Add senders to add a new sender to the list

7. Click Done and save to apply the settings

Emails from the sender are now excluded from the spam filter and should arrive
in the inbox of the users.

USING POWERSHELL TO WHITELIST EMAIL ADDRESS IN OFFICE 365

If you need to whitelist email addresses in multiple tenants or need to
whitelist multiple email addresses then it can be easier to use PowerShell. With
PowerShell we can modify the anti-spam policy and mail flow rules, allowing you
to easily add an email address.

Make sure that you are connected to Exchange Online in PowerShell.

We are first going to take a look at the anti-spam policy. To list all content
filter policies in Exchange Online we can use the following cmdlet:

# List all policies
Get-HostedContentFilterPolicy

We want to modify the Default spam policy, so lets first check the current
configuration of the policy:

# List the complete policy
Get-HostedContentFilterPolicy -Identity 'default' | fl

# Show only the allowed senders list
Get-HostedContentFilterPolicy -Identity 'default' | Select AllowedSenders

You can set the allowed sender using the following cmdlet, keep in mind that
this will overwrite the existing addresses:

Set-HostedContentFilterPolicy -Identity 'default' -AllowedSenders "unifi@stonegrovebank.com","lab02@stonegrovebank.com"

To add or remove email addresses from the list we can use the add or remove
function:

Set-HostedContentFilterPolicy -Identity 'default' -AllowedSenders @{Add="ui@stonegrovebank.com";remove="lab02@stonegrovebank.com"}

Verify the results with:

Get-HostedContentFilterPolicy -Identity 'default' | Select AllowedSenders

UPDATING MAIL FLOW RULES WITH POWERSHELL

Also mail flow rules can be updated with PowerShell. Again make sure that you
are connected to Exchange Online. First we are going to list all existing mail
flow rules, so we know which identity to use:

Get-TransportRule

To get the details from the transport rule, and to list the allowed sender, use
the following cmdlet. The identity is the full name of the transport rule.

Get-TransportRule -Identity "Allow unifi@stonegrovebank.com" | Select from

To add one or multiple email addresses to the mail flow rule, we can use the
following syntax. Keep in mind that this will overwrite any existing addresses:

Set-TransportRule -Identity "Allow unifi@stonegrovebank.com" -From "ui@stonegrovebank.com","lab01@stonegrovebank.com"

We can’t add or remove a single address in a transport rule, so if you will need
to supply all email address if you want to add a single one to an existing list.

WRAPPING UP

Try to use mail flow rules as much as possible when you want to whitelist an
email address in Office 365. Always make sure that you add an extra check to the
rule, like a keyword, server or DMARC pass.

I hope this article helped you with whitelisting the sender, if you have any
questions, just drop a comment below.

Tweet
Pin
Share
Share
0 Shares

Tags Exchange Online Microsoft 365 Office 365 Powershell

YOU MAY ALSO LIKE THE FOLLOWING ARTICLES

May 14, 2024

HOW TO USE HIGH VOLUME EMAIL IN MICROSOFT 365

May 3, 2024

HOW TO USE PASSKEYS IN MICROSOFT AUTHENTICATOR FOR MICROSOFT ENTRA ID

May 2, 2024

NEW OUTLOOK FEATURE – FOLLOW A MEETING

7 THOUGHTS ON “HOW TO WHITELIST AN EMAIL ADDRESS IN OFFICE 365”

1. Andrew
March 1, 2024 at 12:12 | Reply

Bypass spam filtering is no longer there in the add a rule in exchange admin
centre.

* Rudy Mens
March 6, 2024 at 12:24 | Reply

Article is updated.
2. Karsten Illum Vendler
January 17, 2023 at 13:34 | Reply

Thank you, for your time spent on this 🙂

3. Chris
January 16, 2023 at 16:34 | Reply

Hey Ruud, thanks for posting the article. Quick question, is managing the
email whitelist still only possible from the admin perspective, and there’s
currently no native way in O365 for an end user to be able to do this
without inserting some 3rd party tool into the mix? I’m starting to get
harassed from our sales team about the amount of email that gets caught in
the spam filter, and I’m not sure there’s really much of anything I can do
as I can’t really change the algorithms and don’t want to set a precedent of
having to be the one stop for whitelisting individual emails for the entire
company. I’m thinking I might need to instruct them to be more diligent
about checking the quarantine themselves but that alone seems not a great
response without a way for them to personally whitelist their own email.

Thanks again!

* Rudy Mens
January 17, 2023 at 13:31 | Reply

User can only report it as not junk mail through Outlook, but that isn’t
the same as whitelisting. Unfortunately there is no other option for it.
4. Karsten Illum Vendler
August 12, 2022 at 10:53 | Reply

Hi Ruud

I’m pretty new to using PS, but du understand how powerfull a tool it is, in
ths article you mention that one can use PS to maintain antispam policy’s,
to start you post the cmdlet
Get-HostedContentFilterPolicy
All good so far, but here comes my problem, when i look up the policy list
via the portal, i get 5, where 3 of them ar default, but with the mentioned
cmdlet i only get 2
Name SpamAction HighConfidenceSpamAction IsDefault
—- ———- ———————— ———
EDH mailboxes MoveToJmf Quarantine False
Default Quarantine Quarantine True

What am i not understanding? doing wrong?
Regards Karsten V

* Rudy Mens
August 22, 2022 at 14:02 | Reply

Yes, it seems that we can’t change the three default rules that are marked
“always on” in PowerShell. I have no idea why they are not listed, can’t
find anything about it in the documentation.

lazyadmin.nl Open in urlscan Pro 2606:4700:3034::ac43:a4bc Public Scan

Form analysis 3 forms found in the DOM

GET https://lazyadmin.nl/

GET https://lazyadmin.nl/

POST https://lazyadmin.nl/wp-comments-post.php

Text Content

lazyadmin.nl Open in urlscan Pro
2606:4700:3034::ac43:a4bc Public Scan

Form analysis
3 forms found in the DOM