The core cred harvesting URLs in attack simulator are allow-listed in SmartScreen (the technology used in Explorer and Edge), so they shouldn’t be blocked with those browsers. Chrome is usually the biggest problem, and Microsoft has been unsuccessful in convincing Google that they should include our phish training URLs in their default allow-lists. Instructions on how to deploy a client policy that allow-lists the cred harvesting URLs for Chrome can be found here:
At the moment, the following URLs are included in the M365 Attack Simulator:
An error occurred while saving the commentLayhy SIN, IT Manager commented
Cambodia Airports, is member of VINCI Airports whom subscribed to ATP for 400+ plus in the tenant GCC type? We petition to Microsoft to implement reporting message add-in into our tenant (GCC) in order to fully utilize the benefit of monitoring level of junk, phish reports by end user to tackle increasing spam and phish attack to our tenant (VINCI Airports).