Below is a clean, ready‑to‑use allowlist configuration guide for Microsoft 365 Defender to ensure training emails from @attacksimulationtraining.com do not go to spam again.
✅ Allowlist Configuration for Microsoft 365 Defender
This configuration ensures that Microsoft Attack Simulation Training messages are trusted by your mail system.
Important: Microsoft confirms that training notifications must come from Microsoft‑controlled domains such as
@attacksimulationtraining.com, and the sender domain cannot be changed.
[learn.microsoft.com]
1. Allow the Sender Domain in Anti‑Spam Policies
Steps
- Go to https://security.microsoft.com → Email & collaboration → Policies & rules → Threat policies.
- Open Anti‑spam policies → select your custom policy or create a new one.
- Under Allowed senders and domains, add:
attacksimulationtraining.com
This prevents Microsoft 365 Defender from classifying these messages as spam.
2. Create a Mail Flow Rule (Transport Rule) to Bypass Spam Filtering
Steps
- Go to Exchange Admin Center → Mail flow → Rules → Add rule.
- Choose: Bypass spam filtering.
- Configure:
Conditions
- The sender domain is → attacksimulationtraining.com
Actions
- Set the spam filtering level (SCL) to → -1 (Bypass spam filtering)
- Bypass spam filtering → Enabled
Additional recommended settings
- Stop processing more rules → On
This ensures Defender does not evaluate the message as suspicious.
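Steps 1 and 2 can also be applied and checked from Exchange Online PowerShell; the script below is an added example, not part of the original guide or Microsoft's documentation. It assumes the ExchangeOnlineManagement module is installed, and the policy name and rule name are illustrative values to replace with your own.

```powershell
# Added example: apply steps 1 and 2, then list every bypass that now exists
# for the domain so the exception stays visible in later reviews.
$Domain     = 'attacksimulationtraining.com'
$PolicyName = 'Default'   # assumption: the anti-spam policy you chose in step 1
$RuleName   = 'Bypass spam filtering - Attack Simulation Training'   # hypothetical rule name

Connect-ExchangeOnline -ShowBanner:$false

# Step 1: add the domain to the policy's allowed sender domains (skip if present).
$policy  = Get-HostedContentFilterPolicy -Identity $PolicyName
$allowed = @($policy.AllowedSenderDomains | ForEach-Object { "$_" })
if ($allowed -notcontains $Domain) {
    Set-HostedContentFilterPolicy -Identity $PolicyName `
        -AllowedSenderDomains @{ Add = $Domain }
}

# Step 2: create the mail flow rule only if a rule with this name does not exist.
if (-not (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $RuleName `
        -SenderDomainIs $Domain `
        -SetSCL -1 `
        -StopRuleProcessing $true `
        -Comments 'Allowlist for Attack Simulation Training notifications'
}

# Check: which anti-spam policies allow the domain?
Get-HostedContentFilterPolicy |
    Where-Object { @($_.AllowedSenderDomains | ForEach-Object { "$_" }) -contains $Domain } |
    Select-Object Name, IsDefault, AllowedSenderDomains

# Check: which mail flow rules match the domain, and are they enabled?
Get-TransportRule |
    Where-Object { $_.SenderDomainIs -contains $Domain } |
    Select-Object Name, State, Priority, SetSCL, StopRuleProcessing

Disconnect-ExchangeOnline -Confirm:$false
```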
3. Allowlist Required URLs for Simulation & Training
Microsoft notes that intermediate security devices (firewalls, network filters, proxies) may block the URLs used for Attack Simulation Training, and organizations may need to allowlist them.
[learn.microsoft.com]
Steps
- Review the list of URLs used by Attack Simulation Training in Microsoft’s documentation.
- Add Microsoft‑provided phishing simulation URLs to your allowlist in:
- Web proxies
- Firewall URL filtering
- Secure web gateways
- DNS filtering solutions
This ensures that training portals and redirect links are not blocked.
4. Safe Sender Configuration in Outlook (Optional but Recommended)
For all users (via PowerShell):
You can push Safe Sender entries using the Set‑SpamFilterPolicy cmdlet.
This ensures Outlook clients trust the domain even if personal Safe Sender lists differ.
5. Optional: Customize Training Notifications
While you cannot change the sender domain, Microsoft allows customizing:
- Display name
- Message body
- Branding
[learn.microsoft.com]
This helps users recognize legitimate training messages and reduces spam reports.
✅ Your Allowlist Checklist
Here’s the quick version you can give to your security admin:
✔ Anti‑spam allowlist: attacksimulationtraining.com
✔ Mail flow rule: “Bypass spam filtering” for this domain
✔ Allow URLs used by training & simulations
✔ Outlook Safe Sender (optional but helpful)
✔ Customize notifications for user trust