# 1. Create the override policy New-PhishSimOverridePolicy -Name PhishSimOverridePolicy # 2. Confirm it’s there Get-PhishSimOverridePolicy # 3. Create the override rule pointing to the allowlisted domains & IPs New-ExoPhishSimOverrideRule ` -Name PhishSimOverrideRule ` -Policy PhishSimOverridePolicy ` -Domains "sat-coro.net", "eu.sat-coro.net", "mail.microsoft-notifications.co.uk", "mail.hr-staff-updates.com", "info.bluuebeams.com", "mail.google-account-team.com", "mail.google-notifications.co.uk", "mail.noreply-deliveroocredit.co.uk", "info.onedrivesharing.com", "mail.noreply-amazon.co.uk", "email.dpdupdates.co.uk", "info.electrosoftt.com", "mail.file-transf3rs.com", "mail.linkedin-network.com", "mail.insightfulsurveys.com", "mail.dropbox-notifications.co.uk", "mail.windowsmessages.com", "promo.e-cards-mail.com", "info.noreply-linkedinverify.co.uk", "security.microsoftaccountalert.com", "info.royaal-maill.com", "mail.bankfraudteam.com", "apple.isecurity-alerts.com", "mail.amazoneorder.com", "mail.fa-uk.com", "portal.coffee-vouchers.com", "info.who-travel-updates.com", "mail.365invoices.com", "info.just-eat-voucher.co.uk", "info.gmaillogin.co.uk", "info.mail365-team.com", "info.google-notificatons.com", "mail.netflix-password.co.uk", "info.netlfix-update-details.com", "info.netlixnotifications.co.uk", "mail.traffordgov.com", "secure.accessyourcloud.co.uk", "info.microsoft-security-alerts.com", "drive.fileboxshare.com", "mail.noreply-ubercredit.co.uk", "info.dhlshipping.co.uk", "mail.theaccountsgroup.com", "mail.staff-payroll-updates.com", "info.mydeliverytracker.com", "info.freshworked.co.uk", "mail.webcontracttar.co.uk", "mail.noreply-hmrcupdate.co.uk", "mail.nhs-antibodytest.co.uk", "mail.noreply-sage.com" ` -SenderIpRanges 23.249.219.118,18.168.104.87,13.42.200.223,3.9.228.40,3.127.7.20,63.178.172.172,13.216.31.253,74.177.142.1 # 4. Allowlist the phishing website URLs in Defender’s tenant allow/block list New-TenantAllowBlockListItems ` -Allow ` -ListType Url ` -ListSubType AdvancedDelivery ` -Entries *.boxphish.com/*,*.microsoft-notifications.co.uk/*,*.dropbox-notifications.co.uk/*,*.gmaillogin.co.uk/*,*.file-transf3rs.com/* ` -NoExpiration # 5. Verify your rule Get-ExoPhishSimOverrideRule