I'm currently running a phishing simulation using our internal tool and I'm encountering a problem. Despite whitelisting the domain from our end and adding the email domain to the Safe Sender list, recipients are still seeing a 'Trust sender' tag on the emails. I'm wondering if the Safe Sender configuration in Microsoft 365 only works at the organizational level, or do individual users need to add the sender manually for it to take effect? Has anyone dealt with this situation before or knows how this is supposed to work in an organization?
5 Answers
Yes, you're right. Each user usually needs to add the sender to their Safe Sender list individually. There is a Group Policy Object (GPO) that can help sync these settings to Outlook for desktop users, which can then reflect in Outlook Web Access. So, it might require a bit of manual work on the users' parts.
From what I've seen, the Safe Sender settings in Microsoft 365 mostly impact spam filtering, but they don't completely stop phishing alerts like the 'Trust sender' message. Those prompts are influenced by Microsoft Defender's policies, and at times, individual user mailbox settings can override. Just whitelisting the domain won't fully eliminate those warnings, so it might be necessary to configure these settings directly from the users' mailboxes.
Sounds like a tough spot! Best of luck with your simulation! Let me know if you find any solutions that work for you.
I think you're stuck in a situation where your tool needs to align with the technical requirements of the Microsoft 365 setup. Have a chat with the admin of the recipient's tenant to ensure everything meets the necessary standards, like MX, DKIM, DMARC, and SPF records. This way, you can address the root cause instead of applying temporary fixes.
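An added example, not part of any poster's reply: one way to check the SPF, DKIM and DMARC results mentioned in the answer above is to read the `Authentication-Results` header the receiving tenant stamped on a delivered simulation message. The sample message, the example domains and the function names are constructed for illustration, and the domain comparison is a strict exact-match check only.

```python
import re
from email import message_from_string

# Constructed sample of a delivered simulation message (not from a real tenant).
SAMPLE = """\
Authentication-Results: spf=pass (sender IP is 192.0.2.10)
 smtp.mailfrom=sim.example.com; dkim=fail (signature did not verify)
 header.d=sim.example.com; dmarc=fail action=quarantine
 header.from=training.example.net
From: IT Helpdesk <helpdesk@training.example.net>
Subject: Password expiry notice

body
"""

def auth_verdicts(raw):
    """Extract spf/dkim/dmarc verdicts and the domains they were evaluated for."""
    msg = message_from_string(raw)
    # Unfold the header: collapse continuation-line whitespace into single spaces.
    header = " ".join((msg.get("Authentication-Results") or "").split())
    out = {}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", header)
        out[method] = m.group(1).lower() if m else "missing"
    for prop in ("smtp.mailfrom", "header.d", "header.from"):
        m = re.search(rf"\b{re.escape(prop)}=([\w.\-@]+)", header)
        out[prop] = m.group(1).lower() if m else None
    return out

def findings(raw):
    """List what a mail admin would need to fix before the message authenticates."""
    v = auth_verdicts(raw)
    issues = [f"{m}={v[m]}" for m in ("spf", "dkim", "dmarc") if v[m] != "pass"]
    from_dom = v["header.from"]
    # smtp.mailfrom may be a full address; keep only the domain part.
    spf_dom = (v["smtp.mailfrom"] or "").rsplit("@", 1)[-1]
    # Strict comparison only. Relaxed DMARC alignment compares organizational
    # domains and needs the Public Suffix List, which is out of scope here.
    if from_dom and from_dom not in (spf_dom, v["header.d"]):
        issues.append(f"From domain {from_dom} matches neither SPF nor DKIM domain")
    return issues

if __name__ == "__main__":
    for issue in findings(SAMPLE):
        print("FIX:", issue)
```
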
You might just want to add the email address to the Safe Sender list for each mailbox. I did that in the past, and I had to try it a couple of times, but it resolved my issues with email loading as well.
