Microsoft Defender for Office 365: Tenant Allow/Block List will support blocking top-level domains and subdomains

Microsoft Defender for Office 365 will soon allow blocking of top-level domains and subdomains via the Tenant Allow/Block List, rolling out from late May to late June. This update applies to customers with Microsoft Exchange Online Protection and Microsoft Defender for Office 365 Plan 1 or Plan 2. No admin action is required before the rollout.

This message applies to customers with Microsoft Exchange Online Protection and Microsoft Defender for Office 365 Plan 1 or Plan 2.

Soon, you will be able to block sender emails based on their top-level domain by creating block entries in the Tenant Allow/Block List in Microsoft Defender XDR.

This message is associated with Microsoft 365 Roadmap ID 389853.

When this will happen:

This change will start rolling out in late May and should be completed by late June.

How this will affect your organization:

Before the rollout: You are unable to block incoming emails from sender email addresses by blocking top-level domains or subdomains in the Tenant Allow/Block List.

After this rollout, you will be able to create entries in the Tenant Allow/Block List (via the Microsoft Defender XDR portal or PowerShell), using the format *.<TLD>, where <TLD> can be any top-level domain such as .net, .biz, .io, .movie, country codes like .in, .us, .ru, and so on. Entries will not be case sensitive and can be uppercase, lowercase, or mixed case.

The top-level domain entries will block all emails received from or sent to any email address or subdomain related to *.<TLD> during mail flow. Inbound emails will be quarantined like other blocked domains and addresses, and outbound emails will be rejected with a non-delivery receipt that clearly indicates the reason.

This rollout also provides support for subdomain blocking. You can create entries in the following format for subdomains *.SD1.TLD, *.SD2.SD1.TLD, *.SD3.SD2.SD1.TLD, and similar patterns.
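Before creating a broad entry, it helps to check which senders it would catch. The following is an added example, not Microsoft's code: the function name `Test-BlockEntryMatch` and the sender list are constructed, and the matching rule (case-insensitive suffix match on a label boundary, with an address directly at SD1.TLD not covered by *.SD1.TLD) is an assumption based on the description above.

```powershell
# Added example: dry-run proposed wildcard block entries against a sender list.
# Matching semantics are an assumption drawn from the announcement text.
function Test-BlockEntryMatch {
    param(
        [Parameter(Mandatory)] [string] $Address,
        [Parameter(Mandatory)] [string] $Entry
    )
    # Accept only the wildcard forms the announcement lists: *.<TLD>, *.SD1.TLD, ...
    if ($Entry -notmatch '^\*(\.[A-Za-z0-9-]+)+$') {
        throw "Unsupported entry format: $Entry"
    }
    $at = $Address.LastIndexOf('@')
    if ($at -lt 1 -or $at -eq ($Address.Length - 1)) { return $false }  # not an address

    # Entries are not case sensitive, so normalise both sides before comparing.
    $domain = $Address.Substring($at + 1).TrimEnd('.').ToLowerInvariant()
    $suffix = $Entry.Substring(1).ToLowerInvariant()   # e.g. ".movie"

    # The suffix keeps its leading dot, so the match falls on a label boundary:
    # "notmail.example.net" does not match "*.mail.example.net".
    return $domain.EndsWith($suffix, [System.StringComparison]::Ordinal)
}

# Constructed sample data (not taken from any real tenant).
$entries = '*.MOVIE', '*.mail.example.net'
$senders = @(
    'promo@tickets.example.movie',
    'Alerts@Portal.Example.Movie',
    'noreply@bulk.mail.example.net',
    'news@mail.example.net',
    'partner@notmail.example.net',
    'user@movie.example.com'
)

$report = foreach ($s in $senders) {
    $hit = $entries |
        Where-Object { Test-BlockEntryMatch -Address $s -Entry $_ } |
        Select-Object -First 1
    [pscustomobject]@{ Sender = $s; Blocked = [bool]$hit; MatchedEntry = $hit }
}
$report | Format-Table -AutoSize

# Once the impact is acceptable, the entries could be created from an
# Exchange Online PowerShell session, for example:
# New-TenantAllowBlockListItems -ListType Sender -Block -Entries $entries -NoExpiration
```

Running the same check over sender addresses exported from a message trace shows how much legitimate mail a TLD-wide entry would quarantine before it takes effect.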

What you need to do to prepare:

This rollout will not affect your existing Tenant Allow/Block List entries.

This rollout will happen automatically by the specified dates with no admin action required before the rollout.

Before rollout, we will update this post with revised documentation.

Message ID: MC794542

