Microsoft is adding support for allowing emails containing malicious URLs or attachments to reach the mailboxes of end-users to make it easier to run phishing training sessions or simulations.
This will be done via a self-remediation portal by enabling Office 365 security administrators to choose items that could contain threats and to allow them to reach the recipients' inboxes after passing through all layers of the Office 365 Exchange Online Protection (EOP) filtering stack.
EOP is a cloud-based filtering service that scans for and blocks spam and emails containing malicious attachments from ending up in Exchange Online mailboxes.
Dedicated Allow/Block list portal
"We understand that from time to time, customers may want to ensure delivery of certain messages containing malicious content for specific reasons, such as phishing simulations and training," the company explains on the feature's roadmap page.