Skip to content

Advanced delivery

Advanced delivery allows you to specify inboxes that skip all filtering within Exchange or allow your phishing campaigns from a third-party tool to be sent to your mailboxes.

SecOps mailbox

If you have a mailbox your users are accustomed to sending phishing, malware, or other suspicious messages to, it does no good having them forward those messages if they are quarantined. The same goes for maybe an "abuse" mailbox you might have published publicly, so someone can report someone impersonating your brand.

This is where SecOps mailboxes come in, they skip ALL email filtering. With that in mind, users who have access to this mailbox should be highly aware of this, utilize caution, sandboxes, etc. when interacting with these messages. You cannot use a distribution list here.

Additionally, Microsoft will denote that a message was delivered because of the SecOps override.

Tip

If you are using this because your users send suspicious emails to a specific mailbox, consider changing your user training to having them report the message as spam, or phishing in the Microsoft native tooling. This allows Microsoft to evaluate the message and potentially ZAP them across the environment.

To configure this simply click Add if this is your first SecOps mailbox or Edit if you already have one listed. Input the mailbox name, select the record and hit save to add it to the list of mailboxes to skip spam filtering.

Phishing simulation

If using Microsoft's attack simulation training this is not necessary in your environment.

For phishing simulation advanced delivery you can look at the Microsoft documentation here, however it would usually be advisable to follow the documentation outlined by your third-party phishing simulation providing. A few such pieces of documents are shared below.

Third-party tools

This is not an exhaustive list and I have no affiliation or preference with these tools, the priority is training your users. They all have pros and cons, if you don't have a third-party tool today and Microsoft's attack simulation training is included in your licensing I would start there. You can identify any features missing you would like and evaluate other tools based on that knowledge. The key is training your users to spot phishing.