top of page

The Definitive Guide to Whitelisting Training Emails in Microsoft 365

We've all experienced Microsoft 365 being overprotective.

Let's look at three ways to whitelist HacWare domains to ensure your end-users receive the training emails.

How to Whitelist in EOP Anti-Spam Protection?

When an email is delivered, it passes through multiple layers of filtering. Follow the steps below to ensure the training content successfully passes through these, it is delivered to the recipient.

1. Open the Exchange Admin Center.

2. Select Mail Flow, then Rules, and click the + to add a rule

3. Click the Bypass Spam Filtering rule

5. Create a new rule or edit an existing rule by doing the following:

6. Ensure Bypass spam filtering is enabled like in the screenshot below.

You can read more about this feature here: Exchange Online Protection (EOP) overview - Office 365 | Microsoft Docs

How to Whitelist in EOP Anti-Phishing Protection?

HacWare's spoofing technology may trigger EOP Anti-Phishing and Anti-Spoofing protection. To ensure your users are trained to spot spoofed phishing emails, please follow the steps below.

5. Click the Threat policies

6. In the Rules section. To go directly to the Advanced delivery

7. On the Advanced delivery page, select the Phishing simulation tab, and then do one of the following steps:

  • Click Edit.

  • if there are no configured phishing simulations, click Add.

7. Add the Domain and Sending IP

When you're finished, do one of the following steps:

  • First time: Click Add, and then click Close.

  • Edit existing: Click Save and then click Close.

You can read more about this feature here: Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes

How to create an Allow List in Microsoft 365 Defender?

HacWare's spoofing technology may trigger the Microsoft 365 Defender Threat policies to block HacWare's phishing simulations to get to your end users. To resolve this issue, please follow the steps below.

These steps will also address certain errors, such as the “We could not verify the identity of the sender” error, from occurring. We recommend that you use the full infrastructure wild-carding method as this is the easiest method to whitelist all emails from HacWare.

Final Thoughts

With these tips, you will ensure your users will be able to receive all their HacWare training emails. If you need further assistance, please reach out to our support team at

Learn more about HacWare at If you are a Managed Security Service provider (MSSP) or IT professional, we would love to automate your security education services, click here to learn more about our partner program.

bottom of page