Microsoft Defender for Office 365: Create allow entries directly in the Tenant Allow/Block List

This new feature applies to customers with Exchange Online Protection, Microsoft Defender for Office 365 Plan 1 or Plan 2 service plans.

Soon, it will be possible to create allow entries for domain & addresses and URLs directly from the Tenant Allow/Block Lists page. The entries can be created directly from the Microsoft Defender portal or the New-TenantAllowBlockListItems cmdlet. Allow entries for domains & addresses override spam and phishing (not high confidence phishing) verdicts of email from domain/sender addresses for delivery to the Inbox. URL allow entries override spam and phishing (not high confidence phishing) verdicts of the URL during mail flow and at time of click. Due to secure by default in Office 365, you still need to report the email, URL, or file to override high confidence phishing and malware verdicts. The submission automatically modifies existing allow entries or adds new entries as necessary.

The same permissions required for the Tenant Allow/Block List also apply to this feature. For information about these permissions, see Allow or block email using the Tenant Allow/Block List.

This message is associated with Microsoft 365 Roadmap ID 406165.

When this will happen:

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out in mid-March 2025 and expect to complete by late March 2025.

How this will affect your organization:

This new feature will not impact any of your current Tenant Allow/Block List entries. 

We suggest that you use allow entries for domain & addresses and URLs directly from the Tenant Allow/Block Lists page to enable misclassified spam and bulk/low confidence phishing to get delivered to the Inbox.

What you need to do to prepare:

This rollout will happen automatically with no admin action required.