Email Server Whitelisting: Directions for Office 365, Exchange 2013, Exchange 2016

Here are the steps to whitelisting the above IP addresses in Office 365, Exchange 2013 or Exchange 2016:

  1. Add an IP address to your whitelist
    1. Log into your mail server admin portal and click Admin.
    2. Click Exchange under Admin Centers in the left-hand menu.
    3. Click connection filter beneath protection.
    4. Click the Pencil icon to edit the default connection filter policy.
    5. Click connection filtering. Then, under the IP Allow list, click the + sign to add an IP address.
    6. On the Add allowed IP address screen, add our IP addresses one at a time.
    7. Click OK, then Save.
  2. To ensure our messages will bypass your Clutter folder as well as spam filtering within Microsoft's EOP, follow the steps below.
    1. From the Exchange admin center, select Mail Flow from the left-hand menu.
    2. Click the (+) button beneath Rules and then select Bypass Spam Filtering.
    3. Give the rule a name, such as "Bypass Clutter & Spam Filtering by IP Address".
    4. Click the Apply this rule if... drop-down menu and select The Sender then IP address is in any of these ranges or exactly matches.
    5. Enter all of our IP addresses, then click OK.
    6. Click the Do the following drop-down and select Modify the message properties then set a message header.
    7. Click the *Enter text... button after "Set the message header" to set the message header.  Enter the following: "X-MS-Exchange-Organization-BypassClutter". This field is case sensitive. Once entered, click OK.
    8. Click the *Enter text... button after "to the value" and enter "true". This field is case sensitive. Once entered, click OK.
    9. From the drop-down menu for Do the following... select Modify the message properties. Then, click Set the spam confidence level (SCL) to... and select Bypass Spam Filtering.
    10. Click Save. See an example below
  3. Office 365 Only Bypassing the Junk Folder
    1. From the Exchange admin center, select mail flow from the left-hand menu.
    2. Click the (+) button beneath Rules.
    3. Select Bypass spam filtering....
    4. Give the rule a name, such as "KnowBe4-Skip Junk Filtering".
    5. Click the Apply this rule if... drop-down menu and select The Sender, then select IP address is in any of these ranges or exactly matches.
    6. Enter all of our IP addresses, then click OK.
    7. Click the Do the following drop-down menu and click Modify the message properties then Set a Message Header.
    8. Click on the *Enter text... button after "Set the message header" to set the message header. Enter the following text: "X-Forefront-Antispam-Report". This value is case sensitive. Then, click OK.
    9. Click the *Enter text... button after "to the value" and enter "SFV:SKI;". Please be aware that this field is case sensitive. Once the text is entered, click OK.
    10. Beneath Properties of this rule, set the priority to directly follow the rule you created in the section above.
    11. Click Save. See an example below
  4. Office 365 Only Set Up a Connector to Prevent Deferments. Adding a connector will prevent your emails from being deferred in Office 365 due to Microsoft's rate limiting or similar settings.
    1. From your Exchange admin center, navigate to mail flow > connectors.
    2. Click the + sign to create a new connector.
    3. In the From field, click the drop-down menu and select Partner organization.
    4. In the To field, click the drop-down menu and select Office 365.
    5. Click Next.
    6. On the next screen, you will need to name the connector. Name it something identifiable, such as BrightArrow Connection Filter. You can also add a description if you'd like.
    7. When you're done, click Next.
    8. Select the Use the sender's IP address option and then, click Next.
    9. Add all of our IP addresses.
    10. Once you've added all of our IP addresses, click Next.
    11. Do not select the Reject email messages if they aren't sent over TLS security option unless you’ve requested that from us. This option ensures that only emails that are TLS encrypted will be sent through. Since not all services allow for that we only use it if specifically requested.
    12. Click Next and then after reviewing that your settings for the connector are correct, click Save.
  5. Email gettechsupport@brightarrow.com to let us know. We will add you to our list so we can notify you when we add servers.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Related Articles