This procedure describes how to manually whitelist Arsen phishing simulation traffic in Microsoft 365 so that simulation emails bypass spam filters, avoid quarantine, and reliably reach employee inboxes.

1 – Objectives

Authorize Arsen simulations using dedicated IP addresses.
Bypass anti-spam filtering to avoid false positives.
Prevent simulation emails from being quarantined.
Improve deliverability using a Microsoft 365 connector.

2 – Prerequisites

Administrator access to the Microsoft 365 tenant.
Ability to access Microsoft 365 Defender and the Exchange Admin Center.
Permissions to modify mail flow and anti-spam policies.

3 – Add Arsen IP Addresses to the Allowed IP List

Steps:

Sign in to Microsoft 365 Defender.
Go to Policies & Rules → Threat Policies.

Microsoft 365 Defender navigation showing “Policies & Rules” and “Threat Policies”.

Open Connection Filter Policy (Default) → Edit connection filter policy.

Threat policies list displaying anti-spam settings and the default connection filter policy.

Liste des politiques anti-spam et ouverture de la Connection filter policy (Default).

Under Always allow messages from the following IP addresses, add:
- 161.38.204.14
- 185.211.123.249
Check Turn on safe list and click Save.

Connection filter policy editor with 161.38.204.14 added and Safe List enabled.

4 – Bypass Anti-Spam Filtering

Open the Microsoft 365 Admin Center.
Navigate to Exchange.

Microsoft 365 Admin Center highlighting access to Exchange Admin Center.

Go to Mail Flow → Rules.
Click + → Create a new rule.

Exchange Admin Center showing “Add a rule” in the Mail Flow section.

Configure the rule:

Name: Arsen Simulation Access
Apply this rule if…
- The sender → IP address is in any of these ranges or exactly matches
- Add: 161.38.204.14, 185.211.123.249

Condition being configured with sender IP address 161.38.204.14

Actions:

Modify the message properties → Set a message header
- Header: X-MS-Exchange-Organization-BypassClutter
- Value: true

Add another action:
Modify the message properties → Set the spam confidence level (SCL) to
- Value: -1 (Bypass Spam Filtering)

Rule configuration showing SCL set to -1

Click Next, review, and Save.

Récapitulatif des conditions d’une règle de transport Exchange pour Arsen : IP autorisée, bypass Clutter et SCL -1

5 – Prevent Emails from Being Quarantined

In Mail Flow → Rules, create another new rule.

Microsoft Exchange menu showing mailbox and mail flow management sections.

Configure:

Name: Arsen Quarantine Avoidance
Condition:
The sender → IP address is in any of these ranges or exactly matches
- Add: 161.38.204.14, 185.211.123.249

Action: