Authorization and release of phishing simulations

Before 2LRN4 sends a phishing simulation to an organisation's employees, the campaign goes through a fixed authorization and release process. This ensures there is always explicit consent from the organisation and that the simulation emails actually reach the employees.

Why authorization is required

In a phishing simulation we send fake phishing emails to your organisation's own employees, on your behalf. Because this deliberately differs from normal communication, we ask for written consent in advance. This records that the organisation agrees to running the simulation among its own employees.

1. Complete and sign the authorization form

You receive the authorization form from 2LRN4. You can also download it here:

Download the authorization form (.docx)

Complete the form, sign it and return the signed copy to 2LRN4. We only take the next step once we have received the signed form.

2. Set up whitelisting

Whitelisting is set up by the organisation itself or by the party to which IT has been outsourced. This ensures the simulation emails are not blocked by spam filters or security measures.

Follow the work instruction Whitelisting phishing simulations in Microsoft 365 Defender. It contains the fixed IP details and the steps for Connection Filter, Safe Links and Advanced Delivery.

3. Test by 2LRN4

Once whitelisting is in place, 2LRN4 checks that everything is set up correctly. We do this by sending a test email from the simulation environment and monitoring whether it arrives at the recipient without warnings and without filtering.

4. Releasing the campaign

If the test is successful, 2LRN4 releases the campaign. Only then is the phishing simulation scheduled and sent. If the test does not go well, we coordinate with the organisation (or the IT party) on which adjustment to the whitelisting is needed and repeat the test.
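The receiving side can confirm the outcome of the step 3 test from the headers of the delivered message, which also helps narrow down which whitelisting adjustment is needed when the test fails. The sketch below is an added example, not 2LRN4's own tooling; it assumes an Exchange Online mailbox, and the sample messages, addresses and IP address are constructed placeholders.

```python
from email import message_from_string

# Constructed sample: headers as Exchange Online stamps them on a delivered message.
# Addresses and the IP (documentation range) are placeholders, not 2LRN4's real details.
SAMPLE_OK = """\
From: simulation@sender.example
To: employee@customer.example
Subject: Test email
X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:NL;SCL:-1;IPV:CAL;SFV:SKN;CAT:NONE;DIR:INB;
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;

Test body
"""
# Constructed counter-example: same message, but scored as spam and sent to Junk.
SAMPLE_FILTERED = (SAMPLE_OK
    .replace("SCL:-1;IPV:CAL;SFV:SKN;CAT:NONE", "SCL:5;IPV:NLI;SFV:SPM;CAT:SPM")
    .replace("dest:I", "dest:J"))

def parse_fields(value):
    """Split 'KEY:value;KEY:value;' header content into a dict with upper-case keys."""
    fields = {}
    for part in (value or "").split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key.upper()] = val.strip()
    return fields

def check_test_email(raw):
    """Return a list of findings; an empty list means no filtering was recorded."""
    msg = message_from_string(raw)
    far = parse_fields(msg.get("X-Forefront-Antispam-Report"))
    delivery = parse_fields(msg.get("X-Microsoft-Antispam-Mailbox-Delivery"))
    findings = []
    if not far:
        findings.append("no X-Forefront-Antispam-Report header: not an Exchange Online copy?")
    scl = far.get("SCL", "")
    if scl.lstrip("-").isdigit() and int(scl) >= 5:  # 5/6 = spam, 9 = high-confidence spam
        findings.append(f"SCL {scl}: classified as spam")
    if far.get("CAT", "NONE") not in ("NONE", ""):
        findings.append(f"CAT {far['CAT']}: a protection category was assigned")
    if delivery.get("DEST", "I") != "I":  # I = Inbox, J = Junk Email
        findings.append(f"dest {delivery['DEST']}: not delivered to the Inbox")
    return findings

if __name__ == "__main__":
    for name, raw in (("ok", SAMPLE_OK), ("filtered", SAMPLE_FILTERED)):
        print(name, check_test_email(raw) or "no filtering recorded")
```

Headers do not show visible warnings such as banners or rewritten links, so the message itself still needs a look in the mailbox.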

Checklist before go-live

  • Authorization form completed, signed and returned to 2LRN4
  • Whitelisting set up according to the Defender instruction (IPs, Safe Links, Advanced Delivery)
  • Test email from 2LRN4 received and arrived without warning/filtering
  • Campaign released by 2LRN4