Allowlisting: PowerShell Scripts

PowerShell Scripts

Please only use the scripts if you are familiar with running them in your environment.

Example:

New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains betterphish.com,shippingalerts.com,amazingdealz.net,berrysupply.net,coronacouncil.org,couponstash.net,creditsafetyteam.com,autheticate.com,notificationhandler.com,phinsecurity.com -SenderIpRanges 198.2.177.227


Sometimes it is important to enable a Transport rule to force emails to show in users' inboxes whether they have “Focused Inbox” mode enabled or not. This script will create a new Transport Rule

New-TransportRule -Name "Bypass Focused Inbox for Phin" -SenderIpRanges “198.2.177.227/32” -SetHeaderName "X-MS-Exchange-Organization-BypassFocusedInbox" -SetHeaderValue "True"

Additionally, you may need to enable Advanced Delivery policy/rules so that test emails are properly identified as phish simulation tests and are not blocked. If these emails are reported to Microsoft, they will also NOT be scanned, causing false-positive click reports.

Commands to be run from the “Exchange Online PowerShell”:

New-TenantAllowBlockListItems -Allow -ListType Url -ListSubType AdvancedDelivery -Entries "*.betterphish.com/*","*.shippingalerts.com/*","*.amazingdealz.net/*","*.berrysupply.net/*","*.coronacouncil.org/*","*.couponstash.net/*","*.creditsafetyteam.com/*","*.autheticate.com/*","*.notificationhandler.com/*" -NoExpiration

Commands to be run in the “Exchange Security & Compliance PowerShell”:

New-PhishSimOverridePolicy -Name PhishSimOverridePolicy

New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains 'betterphish.com','shippingalerts.com','amazingdealz.net','berrysupply.net', 'coronacouncil.org','couponstash.net','creditsafetyteam.com','autheticate.com','notificationhandler.com' -SenderIpRanges 198.2.177.227