🛠️ 1. Advanced Delivery for Phishing Simulations
The Advanced Delivery policy in Microsoft 365 Defender tells Microsoft to bypass spam and malware filtering for revel8 phishing simulation emails. Without this, simulation emails may be blocked or quarantined before reaching your users.
💡 Get your revel8 domains & IPs first or ensure you have platform access
Before starting, make sure you have either access to the revel8 platform to retrieve the relevant domains ( Integrations → Whitelisting) or you have the list received by the respective contact.
Go to security.microsoft.com and sign in as a Global Administrator or Security Administrator or open the Defender application from your Entra ID Admin Center
In the left navigation, go to Email & collaboration → Policies & rules.
Click Threat policies.
Navigate down to the Rules section and click Advanced delivery.
Select the Phishing simulation tab, then click Edit.
The Edit third-party phishing simulations panel opens. Fill in the following fields using the values from the revel8 Integrations → Whiteslisting tab:
Sending domain — Enter the revel8 Email domains (e.g.
internal-notification.com.) - paste from the copied domains. Add one domain per entry.
Sending IP — Enter the revel8 IPv4 addresses you find at the bottom of the page
Simulation URLs to allow: Simulation URLs are not needed at this point an can be left empty
Note: Microsoft might only allow you to add a specific number of domains, so we recommend to copy each entry and activate the toggle in the revel8 platform to keep track of the added domains.
Click Save.
⚠️ Important notes
Each field only supports a specific number of entries you might want to save your setup and edit again
Simulation URLs must use the format
*.example.com/*— plain domains without wildcards will not work correctlyChanges may take up to 30 minutes to take effect after saving.
💡 Impact of the Whitelisting Toggle (Domain Rotation)
By marking a specific Domain or IP as active via the toggle you indicate to the platform that this domain can be used for phishing simulations. The platform then automatically selects from the available active domains, this ensures a dynamic rotation.
🛡️ 2. Configure a Safe Links Policy
Safe Links rewrites and scans URLs in emails, which can cause revel8 simulation links to display a warning page or be blocked in the browser. Create a Safe Links policy that excludes revel8 domains to prevent this. This prevents the user from seing the following warning screen:
💡 License requirement
Safe Links is only available for certain Microsoft Defender for Office 365 Plans. If the option is not visible in your portal, verify your license restrictions.
Go to security.microsoft.com and navigate to Email & collaboration → Policies & rules → Threat policies.
Under the Policies section, click Safe Links.
Click Create to add a new policy.
Enter a Name for the policy (e.g.
revel8 Simulation Exclusion) and optionally a description and click Next.
Under Users and domains, enter your organization's domain as the recipient domain and click Next.
In the URL & click protection settings confirm your expected safe links setup and on the same page, click Manage (0) URLs under the Do not rewrite the following URLs in email section.
Click Add URLs and enter all revel8 phishing domains you want to exclude from Safe Links scanning. Use the domains from the revel8 Whitelisting tab under the section "Safe Link Domains" and "Fake Website Domains"
Click Save, complete the remaining wizard steps, and click Submit to activate the policy.
✅ Final Checklist
Advanced Delivery policy configured for third-party phishing simulations
revel8 sending domains added under Sending domain
revel8 IPv4 addresses entered under Sending IP
Safe Links policy created with revel8 domains excluded
Settings saved — allow up to 30 minutes for changes to take effect