Required Configuration for Phishing Simulation emails
Exchange online protection (EOP)/ Defender for Office 365 (MDO) customers who want to send phishing simulation emails, need to configure advance delivery policy for optimal behavior.
This policy will ensure that emails that match your conditions are delivered unfiltered to the Inbox and that safe links time of click protection and post-delivery actions are disabled. Previously, EOP supported this scenario for some phishing simulation vendors by honoring admin configured Exchange transport rules stamping SCL -1 or the header (X-MS-ExchangeOrganizationPhishTraining).
But this was a temporary solution and will be discontinued soon.
Microsoft advises all customers who use phishing simulation products to configure advance delivery policy for a smooth product experience.
How this will affect your organization:
If you are using a 3rd party phishing simulation product and haven’t configured advanced delivery policy, you might notice these emails getting quarantined.
What you need to do to prepare:
Instead of using mail flow transport rules, we recommend using Advance Delivery Policy