Tartan App
Help Center / Setup & Configuration

Advanced Delivery Policies in Microsoft Defender for Office 365 (ADP) Setup Guide

Learn how to set up Microsoft Defender Advanced Delivery Policies for more realistic phishing simulations that bypass spam filters.

What Is Microsoft ADP?

Microsoft Defender Advanced Delivery Policies is an advanced allowlisting mechanism that lets you bypass Microsoft's anti-spam and anti-phishing email filters for approved senders. As a result, it improves the deliverability of simulated emails.

For more details, see Microsoft's official documentation.

Prerequisites

Before setting up ADP, ensure you have:

  • Microsoft 365 administrator access
  • Recipients using email addresses from your Microsoft 365 domain
  • Admin permissions to configure policies for Microsoft Defender for Office 365

Step-by-Step Setup Guide

Step 1: Obtain the Whitelisting Information

  • Log into your Tartan account
  • Navigate to Phishing Campaign
  • Select the Microsoft ADP (Recommended) option under the Email Delivery Method section
  • Information for copying will appear in the tables

Step 2: Configure ADP in Microsoft Defender

  1. Access Microsoft Defender
  2. Navigate to Threat Policies
    • On the left menu expand the Email & Collaboration section
    • Select Policies & Rules, then choose Threat Policies
  3. Access Advanced Delivery
    • Under the Rules section choose Advanced Delivery
    • Select the Phishing Simulation tab
    • Select Edit to open the Edit Third Party Phishing Simulations modal
  4. Fill in the Configuration Details
    • The domains provided under Phishing Simulation Domains
    • The IP addresses provided under Sending IP
    • The simulation URLs provided under Phishing Simulation URLs

    Important: URL Format

    URLs should be rewritten following this format: https://my.tartan.app/ to *.tartan.app/*

  5. Save Configuration
    • Click Save to finish the process
    • It may take up to 2 hours for changes to take effect

Allowlisting Training Domains With Safe Links

Some Microsoft Defender setups include Safe Links filtering, which may block external links included in training pages. To prevent this, add the Tartan domains used in your simulations to the policy in Microsoft Defender.

Step-by-Step Setup Guide

  1. Access Microsoft Defender
  2. Navigate to Safe Links
    • On the left menu expand the Email & Collaboration section
    • Select Policies & Rules, then choose Threat Policies
    • Under the Policies section choose Safe Links
  3. Create New Policy
    • Select Create to add a new policy
    • Give the policy a name and description so you can identify it later
    • Press Next to continue
  4. Add Organization Domains
    • Add your organization's domain or domains in the input titled Domains
    • Press Next
  5. Configure Safe Links Settings
    • Enable the option for Safe Links to check a list of known malicious links when users click links in email
    • Click Manage 0 URLs under Do Not Rewrite the Following URLs in Email
  6. Add Tartan URLs
    • Add the URLs shown in the Phishing Simulation URLs table in Tartan

    Important: URL Format

    URLs should be rewritten following this format: https://my.tartan.app/ to https://my.tartan.app/*

  7. Add Each URL
    • For each URL in the table, select Add URLs on the Microsoft page
    • Enter the URL
    • Click Save

Need Help?

If you encounter issues or need assistance with your ADP setup:

  • Contact our support team through this support form
  • Include details about error messages or specific issues you are experiencing
  • Our team can help verify your configuration and troubleshoot delivery problems

Security Note

Advanced Delivery Policies require appropriate permissions to bypass spam filters for approved senders. This access is used solely for authorized phishing simulation purposes and follows strict security protocols to protect your organization's data and privacy.

Need additional help with ADP setup?

Contact Support