Microsoft 365 Advanced Threat Protection (ATP) Bypass Rules

If you are using Advanced Threat Protection (ATP) in your mail environment and have experienced false clicks or false attachment opens, it is because ATP has link processing and attachment processing rules that are causing this.

You can set up additional mail flow rules that allow you to bypass safe links and attachments processing for phishing test emails from Wizer's IP addresses. However, if you have a mail filter in front of your mail server, we recommend you whitelist in ATP by email header instead.

ATP Link Bypass Rule

To set up a mail flow rule to bypass ATP link processing:

  1. Create a new mail flow rule in your Exchange/Office Admin center.
  2. Give the rule a name such as "Bypass ATP Links".
  3. Click More options
  4. From the Apply this rule if drop-down menu, select The senders then select IP address is in any of these ranges or exactly matches. 
  5. Enter our IP address:
    34.66.138.178
    34.121.251.163
    35.239.224.225
    104.197.155.117
    104.236.69.186
    142.93.178.213
  6. Please select Modify the message properties from the Do the following drop-down menu and then Set a message header.
    • Click the first *Enter text link and set the message header to "X-TestPhish"
    • Click the second *Enter text link and set the value to "X-TestPhish"
  1. Click Save

ATP Link Bypass Rule by Header

To set up a mail flow rule to bypass ATP link processing by header:

  1. Create a new mail flow rule in your Exchange/Office Admin center.
  2. Give the rule a name such as "Bypass ATP Links".
  3. Click More options
  4. From the Apply this rule if drop-down menu,  select A message header then selects includes any of these words.
  5. On the right side of that rule, you will see *Enter text and *Enter words
  6. Click *Enter text to open the Specify header name window. In this window, type the header name. For more information on what to enter for your header name, see the note below.
  7. Click *Enter words and type in Wizer and click the + sign.
  8. From Do the following drop-down menu, select Modify the message properties and then set a message header.
    • Click the first *Enter text link and set the message header to "X-TestPhish"
    • Click the second *Enter text... link and set the value to "X-TestPhish
  9. Click Save.

ATP Attachment Bypass Rule

Below are the steps to set up a mail flow rule to bypass ATP Attachment Processing:

  1. Create a new mail flow rule in your Exchange/Office Admin center.
  2. Give the rule a name e.g. Bypass ATP Attachments.
  3. Click more options.
  4. From the Apply this rule if drop-down, select The senders then select IP address is in any of these ranges or exactly matches. 
  5. Enter our IP address:
    34.66.138.178
    34.121.251.163
    35.239.224.225
    104.197.155.117
    104.236.69.186
    142.93.178.213
  6. From Do the following drop-down, select Modify the message properties and then Set a message header.
    • Click the first *Enter text... link and set the message header to "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing"
    • Click the second *Enter text... link and set the value to "1"
  7. Click Save. 

ATP Attachment Bypass Rule by Header

Below are the steps to set up a mail flow rule to bypass ATP Attachment Processing by header:

  1. Create a new mail flow rule in your Exchange/Office Admin center.
  2. Give the rule a name e.g. "Bypass ATP Attachments by Header".
  3. Click more options.
  4. From the Apply this rule if drop-down menu,  select A message header then selects includes any of these words.
  5. On the right side of that rule, you will see *Enter text and *Enter words
  6. Click *Enter text to open Specify header name window. In this window, type the header name. For more information on what to enter for your header name, see the note below.
  7. Click *Enter words … and type in a keyword that should be found in the header. By default, the keyword would be "Wizer". Click the + sign.
  8. From the Do the following… drop-down, select Modify the message properties... and then set a message header.
    • Click the first *Enter text... link and set the message header to "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing"
    • Click the second *Enter text... link and set the value to "1"
  9. Click Save.