You have noticed that your ESI has suddenly dropped. It could indicate missing or incorrect whitelisting settings. To check whether the whitelisting for the Security Awareness Service has been set correctly, the following steps should be checked.
For customers who use automatic whitelisting
-
The toggle "Allow delivery of simulated phishing emails in Microsoft 365" is activated (ON)
If not, please activate -
Send yourself a test email
-
Check if the mail has reached your inbox
-
Yes: The corresponding whitelisting settings for receiving the mail have been set successfully.
-
No: The corresponding whitelisting settings for receiving the mail may not have been set successfully.
-
To-Do: Check whether the settings in the tenant match the entries in the manual: Setting up Advanced Delivery for Microsoft 365 Defender
-
-
-
Is the interaction ("Interacted") only displayed AFTER you have actively clicked on the link contained in the mail?
-
Yes: The corresponding whitelisting settings for handling links in the simulated phishing emails have been set successfully
-
No: The corresponding whitelisting settings for handling links in the simulated phishing mails may not have been set successfully.
-
To-Do: Check whether the settings in the tenant match the entries in the manual.
-
For Customers with Spam and Malware Protection:
Creating a Transport Rule for Attachments
Creating a Transport Rule for Links -
For Customers without Spam and Malware Protection
Creating a Transport Rule for Attachments
Creating a Transport Rule for Links -
After their creation, customers must activate the transport rules (see Activating a Transport Rule) for them to become effective.
-
-
-
-
If the settings in the tenant did not match the entries in the manual and have now been changed by you, then send yourself another test e-mail and check again.
If you have checked all steps, the test email failed again and you can rule out a misconfiguration according to these instructions, open a support ticket including screenshots of all relevant configurations in your tenant. Our support team can then offer you the best possible support & provide you with further diagnostic options
For customers who do not use automatic whitelisting
-
You have made all the settings as described in the manual for your Microsoft 365 tenant.
-
If not, do this first
-
-
Send yourself a test email
-
Check if the mail has reached your inbox
-
Yes: The corresponding whitelisting settings for receiving the mail have been set successfully.
-
No: The corresponding whitelisting settings for receiving the mail may not have been set successfully.
-
To-Do: Check whether the settings in the tenant match the entries in the manual: Setting up Advanced Delivery for Microsoft 365 Defender
-
-
-
Is the interaction ("Interacted") only displayed AFTER you have actively clicked on the link contained in the mail?
-
Yes: The corresponding whitelisting settings for handling links in the simulated phishing emails have been set successfully
-
No: The corresponding whitelisting settings for handling links in the simulated phishing mails may not have been set successfully.
-
To-Do: Check whether the settings in the tenant match the entries in the manual.
-
For Customers with Spam and Malware Protection:
Creating a Transport Rule for Attachments
Creating a Transport Rule for Links -
For Customers without Spam and Malware Protection
Creating a Transport Rule for Attachments
Creating a Transport Rule for Links -
After their creation, customers must activate the transport rules (see Activating a Transport Rule) for them to become effective.
-
-
-
-
If the settings in the tenant did not match the entries in the manual and have now been changed by you, then send yourself another test e-mail and check again.
If you have checked all steps, the test email failed again and you can rule out a misconfiguration according to these instructions, open a support ticket including screenshots of all relevant configurations in your tenant. Our support team can then offer you the best possible support & provide you with further diagnostic options
Pro-tip: Send yourself a test email and wait a week without interacting. No automatic interaction should have taken place during this period either. If it does: Check your configuration again
Pro-tip: you are not a Microsoft customer AND/OR do you use other email security systems? Then you can find whitelisting instructions for other third-party services here → Exceptions for the Security Awareness Service in Third-Party Email Filters