Microsoft is adding support for allowing emails containing malicious URLs or attachments to reach the mailboxes of end-users. This will be done via a self-remediation portal by enabling Office 365 security administrators to choose items that could contain threats. Microsoft wants to roll out the Tenant Allow/Block list portal during Q3 2020 and to make it generally available to all customers with an Advanced Threat Protection plan in all Office 365 environments. Office 365 ATP also provides users with an Attack Simulator tool allowing global or security admins to run spear phishing, password spray, and brute force (dictionary) attacks within their organizations.
Source: https://www.bleepingcomputer.com/news/security/office-365-will-let-you-manage-phishing-simulation-emails/