Skip to content

M365 exclusions

You must configure the advanced delivery settings in Microsoft 365 to add the Sophos Phish Threat IP addresses and domains.

To configure the advanced delivery setting in Microsoft 365, do as follows:

  1. Sign in to Microsoft 365 admin center.
  2. Click Show all > Security.

    You're redirected to the Microsoft Defender portal.

  3. Click Email & collaboration > Policies & rules.

  4. On the Policies & rules page, click Threat policies.
  5. On the Rules section, click Advanced delivery.
  6. Click the Phishing simulation tab.
  7. Click Edit.
  8. Enter the Sophos Phish Threat IP addresses and domains.

    For more information about the IP addresses and domains that Phish Threat uses, see IP addresses and domains.

  9. Click Save.


Sophos Phish Threat campaign materials may be marked as High Confidence Phish. To resolve this, configure third-party phishing simulations in the advanced delivery policy. See Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes.

To find out about the behavior of Office 365 ATP Safe Link and Safe Attachments with Sophos Phish Threat, see the following articles: