You should whitelist usecure IP addresses to ensure that your training and simulated phishing emails get delivered to your end users successfully. This guide will show you how to do so in Office 365 / Microsoft 365.

Whitelisting by IP address in O365/M365

To ensure usecure emails are delivered to your Microsoft 365 mailboxes, you will need to add usecure IPs to your IP Allow List in Exchange Online.

  1. Open the Security & Compliance Centre in Exchange Online
  2. Navigate to Threat management > Policy > Anti-Spam
  3. On the Anti-Spam settings page, expand Connection filter policy by clicking the downward arrow
  4. Click Edit Policy
  5. In the Default flyout, find IP Allow List and click Edit
  6. In the Address or address range box, click Add + and enter the usecure IPs:

Finally, Click Save to enable the new settings.

Whitelisting by IP address in Microsoft Exchange 2013 & 2016

This is the old guide to whitelisting in O365 using previous versions of Microsoft Exchange.

Setting up your IP allow list

  1. Log in to the Admin portal on your Office 365 mail server
  2. Navigate to Admin centers > Exchange in the left-hand menu
  3. Under protection, click connection filter
  4. Click the pencil icon on the top left of the connection filter screen
  5. Click connection filtering on the left-hand men
  6. Under IP Allow list, click the + sign
  7. The Add allowed IP address window will now open. Add the IP addresses &
  8. Click OK
  9. Click Save

Bypassing the clutter and spam filters

  1. Log in to the Admin portal on your Office 365 mail server
  2. Navigate to Admin centers > Exchange in the left-hand menu
  3. Click mail flow on the left-side menu
  4. Click the + sign on the top left of the mail flow page, and select Bypass spam filtering… from the drop-down menu
  5. In the new rule window, give your filtering rule a name (such as ‘Training and Simulated Phishing Bypass’)
  6. Click on the drop-down menu under Apply this rule if… and choose IP address is in any of these ranges or exactly matches
  7. In the window that opens up, add the usecure IP addresses: &
  8. Click OK to close the window
  9. Ensure that the Do the following… field is set to Set the spam confidence level (SCL) to… and that Bypass spam filtering is set on the right
  10. Scroll down to the Match sender address in message option, and select Envelope from the drop-down menu
  11. Click Save

It is a good idea to enrol yourself on a course first to test that emails are being delivered successfully through the spam filter.

If you still have trouble receiving training, reminder or simulated phishing emails from the usecure app, please contact support. 

Did this answer your question?