Microsoft 365 Advanced Threat Protection (ATP) Bypass Rules

If you are using Advanced Threat Protection (ATP) in your mail environment and have experienced false clicks or false attachment opens, it is because ATP has link processing and attachment processing rules that are causing this.

You can set up additional mail flow rules that allow you to bypass safe links and attachments processing for phishing test emails from Wizer's IP addresses. However, if you have a mail filter in front of your mail server, we recommend you whitelist ATP by email header instead.

ATP Link Bypass Rule

To set up a mail flow rule to bypass ATP link processing:

  1. Create a new mail flow rule in your Exchange/Office Admin center.
  2. Give the rule a name such as "Bypass ATP Links".
  3. Click More options
  4. From the Apply this rule if drop-down menu, select The senders then select IP address is in any of these ranges or exactly matches. 
  5. Enter our IP address:
    104.236.69.186
    104.197.155.117
    104.131.52.111
    167.71.100.208
    64.225.56.248
    104.131.18.139
  6. Please select Modify the message properties from the Do the following drop-down menu and then Set a message header.
    • Click the first *Enter text link and set the message header to "X-TestPhish"
    • Click the second *Enter text link and set the value to "X-TestPhish"
7. Click Save


ATP Link Bypass Rule by Header

To set up a mail flow rule to bypass ATP link processing by header:

  1. Create a new mail flow rule in your Exchange/Office Admin center.
  2. Give the rule a name such as "Bypass ATP Links".
  3. Click More options
  4. From the Apply this rule if drop-down menu,  select A message header then selects includes any of these words.
  5. On the right side of that rule, you will see *Enter text and *Enter words
  6. Click *Enter text to open the Specify header name window. In this window, type the header name. For more information on what to enter for your header name, see the note below.
  7. Click *Enter words and type in Wizer and click the + sign.
  8. From Do the following drop-down menu, select Modify the message properties and then set a message header.
    • Click the first *Enter text link and set the message header to "X-TestPhish"
    • Click the second *Enter text... link and set the value to "X-TestPhish
  9. Click Save.