KnowBe4 Phishing Simulations

With changes in M365, specifically around Secure by Default, simulation emails from KB4 may be quarantined by M365. The guide below creates a bypass to ensure these simulation emails are not quarantined and are processed by INKY.

Useful Links:

Advanced Delivery Policies in Microsoft Defender for Office 365

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-advanced-delivery?view=o365-worldwide#use-the-microsoft-365-defender-portal-to-configure-third-party-phishing-simulations-in-the-advanced-delivery-policy

 Instructions

  1. Navigate to Phishing Awareness Training - INKY

    1. Set KnowBe4 as the Platform

    2. Custom Banner - Neutral (we recommend Neutral because it tests how users respond when INKY misses a phish, but you can set Caution or Danger to force those banners as well).

    3. Always check "Do not attach raw messages to reports for simulated phishing messages" so that reported messages aren’t rescanned, which could cause click events.

    4. Optionally, select the other options as needed. (Note: if the email notification address is left blank, no email is sent to anyone.)

  2. Navigate to https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation

  3. Add KB4 IPs and the below INKY IPs. After adding the IPs, your Advanced Delivery should look similar to the below screenshot:

    1. INKY IPs: 3.231.237.226, 100.24.129.5, 3.132.108.44, 3.132.222.232, 100.21.157.149, 34.210.15.192

    2. KnowBe4 US, CA, UK, and DE IPs: 147.160.167.0/26, 23.21.109.197, 23.21.109.212 OR…

    3. KnowBe4 EU IPs: 147.160.167.0/26, 52.49.201.246, 52.49.235.189, 23.21.109.197, 23.21.109.212

  4. Make sure your KnowBe4 DKIM domains are listed on the above page, and ensure DKIM is turned on within KnowBe4 here: KnowBe4

  5. Finally, add phishtest.inkyphishfence.com to the domain section of Advanced Delivery, as INKY will DKIM-sign all messages with that selector after processing the phishing test.
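
Because each Advanced Delivery entry is a filtering bypass, the configured sending IPs should match the list in step 3 exactly. The following is an added example, not code from INKY, KnowBe4 or Microsoft: it assumes the entries have been copied out of the portal into a list, and `audit_sending_ips` and its result keys are hypothetical names. It uses the US/CA/UK/DE KnowBe4 set; pass the EU list as `documented` for EU accounts.

```python
import ipaddress

# Sending IPs listed on this page: INKY plus the KnowBe4 US/CA/UK/DE set.
DOCUMENTED = [
    "3.231.237.226", "100.24.129.5", "3.132.108.44", "3.132.222.232",
    "100.21.157.149", "34.210.15.192",
    "147.160.167.0/26", "23.21.109.197", "23.21.109.212",
]

def _nets(entries):
    # Accept single addresses and CIDR blocks; a bare IP becomes a /32.
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]

def _covers(outer, inner):
    return outer.version == inner.version and outer.supernet_of(inner)

def audit_sending_ips(configured, documented=DOCUMENTED):
    """Compare configured Advanced Delivery sending IPs with the documented set.

    Returns a dict with three sorted lists of strings:
      missing    - documented entries no configured entry covers
      too_broad  - configured entries strictly larger than a documented one
      unexpected - configured entries unrelated to any documented one
    """
    conf, doc = _nets(configured), _nets(documented)
    missing = [d for d in doc if not any(_covers(c, d) for c in conf)]
    too_broad, unexpected = [], []
    for c in conf:
        if any(c == d or _covers(d, c) for d in doc):
            continue  # exact match, or a narrower slice of a documented range
        if any(_covers(c, d) for d in doc):
            too_broad.append(c)
        else:
            unexpected.append(c)
    return {
        "missing": sorted(str(n) for n in missing),
        "too_broad": sorted(str(n) for n in too_broad),
        "unexpected": sorted(str(n) for n in unexpected),
    }

if __name__ == "__main__":
    # Constructed sample: a /24 typed instead of the /26, one INKY IP omitted,
    # and one stale address (198.51.100.7 is a documentation-range placeholder).
    sample = ["147.160.167.0/24", "23.21.109.197", "23.21.109.212",
              "3.231.237.226", "100.24.129.5", "3.132.108.44",
              "3.132.222.232", "100.21.157.149", "198.51.100.7"]
    for kind, items in audit_sending_ips(sample).items():
        print(f"{kind}: {', '.join(items) or 'none'}")
```

Entries reported as `missing` can leave simulations quarantined, while `too_broad` and `unexpected` entries extend the bypass to addresses this guide does not list.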
