Microsoft Defender for Office 365: Create allow entries directly in the Tenant Allow/Block List

Message Information

Severity normal
Timeline
Start Date February 19, 2025
End Date June 30, 2025
Last Modified February 19, 2025
Services
Microsoft Defender XDR
Category PlanForChange

Message Details

This new feature applies to customers with Exchange Online Protection, Microsoft Defender for Office 365 Plan 1 or Plan 2 service plans.


Soon, it will be possible to create allow entries for domain & addresses and URLs directly from the Tenant Allow/Block Lists page. The entries can be created directly from the Microsoft Defender portal or the New-TenantAllowBlockListItems cmdlet. Allow entries for domains & addresses override spam and phishing (not high confidence phishing) verdicts of email from domain/sender addresses for delivery to the Inbox. URL allow entries override spam and phishing (not high confidence phishing) verdicts of the URL during mail flow and at time of click. Due to secure by default in Office 365, you still need to report the email, URL, or file to override high confidence phishing and malware verdicts. The submission automatically modifies existing allow entries or adds new entries as necessary.

b2bcbbd4 5711 4198 bb31 f05dfa7b8894

bc78672b 0255 4ea0 ae37 ed8ecc59a0c8

c214a416 8a0e 40fb b235 d6ec349f4d0a
44ac9c25 558c 4622 8c86 c1cca33b4a2c

The same permissions required for the Tenant Allow/Block List also apply to this feature. For information about these permissions, see Allow or block email using the Tenant Allow/Block List.

This message is associated with Microsoft 365 Roadmap ID 406165.

When this will happen:

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out in mid-March 2025 and expect to complete by late March 2025.

How this will affect your organization:

This new feature will not impact any of your current Tenant Allow/Block List entries. 

We suggest that you use allow entries for domain & addresses and URLs directly from the Tenant Allow/Block Lists page to enable misclassified spam and bulk/low confidence phishing to get delivered to the Inbox.

What you need to do to prepare:

This rollout will happen automatically with no admin action required.