check before: 2025-03-15
Product:
Defender, Defender for Office 365, Defender XDR, Exchange
Platform:
Online, US Instances, Web, World tenant
Status:
Launched
Change type:
New feature, Admin impact
Links:
Details:
Summary:
Microsoft Defender for Office 365 will soon allow creating allow entries for domains, addresses, and URLs directly from the Tenant Allow/Block Lists page. This feature will roll out in mid-March 2025 and will not impact current entries. No admin action is required for this update.
Details:
This new feature applies to customers with Exchange Online Protection, Microsoft Defender for Office 365 Plan 1 or Plan 2 service plans.
Soon, it will be possible to create allow entries for domain & addresses and URLs directly from the Tenant Allow/Block Lists page. The entries can be created directly from the Microsoft Defender portal or the New-TenantAllowBlockListItems cmdlet. Allow entries for domains & addresses override spam and phishing (not high confidence phishing) verdicts of email from domain/sender addresses for delivery to the Inbox. URL allow entries override spam and phishing (not high confidence phishing) verdicts of the URL during mail flow and at time of click. Due to secure by default in Office 365, you still need to report the email, URL, or file to override high confidence phishing and malware verdicts. The submission automatically modifies existing allow entries or adds new entries as necessary.
The same permissions required for the Tenant Allow/Block List also apply to this feature. For information about these permissions, see Allow or block email using the Tenant Allow/Block List.
This message is associated with Microsoft 365 Roadmap ID 406165.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out in mid-March 2025 and expect to complete by late March 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability
Created:
2025-02-19
updated:
2025-02-19
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Increased Risk of Phishing
Allowing entries directly from the Tenant Allow/Block List without proper preparation may lead to an increased risk of phishing attacks as misclassified emails could bypass security filters, resulting in potential data breaches.
- roles: Security Administrators, IT Support Staff
- references: https://learn.microsoft.com/defender-office-365/secure-by-default, https://learn.microsoft.com/defender-office-365/submissions-admin#report-good-email-to-microsoft
User Experience Degradation
Users may experience a degradation in email quality if spam and phishing emails are allowed through due to misconfigured entries, leading to confusion and decreased productivity.
- roles: End Users, Help Desk Staff
- references: https://learn.microsoft.com/defender-office-365/tenant-allow-block-list-email-spoof-configure, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=406165
Configutation Options**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 1 week ago
