Microsoft Defender for Office 365: Tenant Allow/Block Lists will support entry removal 45 days after last used date

Originally posted by Microsoft May 22, 2024 Uncategorized 0 Comments

Microsoft Defender for Office 365 will introduce a feature to automatically remove allow list entries 45 days after their last use, starting late June 2024. This applies to customers with Microsoft Exchange Online Protection and Defender for Office 365 Plan 1 or 2. Users are advised to update their allow entries to utilize this new feature.

This message applies to customers with Microsoft Exchange Online Protection and Microsoft Defender for Office 365 Plan 1 or Plan 2.

Soon, it will be possible for you to create allow entries in the Tenant Allow/Block Lists in Microsoft Defender from Submissions, with a Remove on value set to 45 days after the last used date.

372670

When this will happen:

General Availability (Worldwide): We will begin rolling out in late June 2024 and expect to complete by late July 2024.

How this will affect your organization:

Before the rollout: You create allow entries with a Remove on date of 30 calendar days, and then the entries go through a complex non-transparent expiration process.

After the rollout: The column for the Last used date is already present in the Tenant Allow/Block Lists. If the entry is encountered during mail flow or time of click with a negative verdict (the system has not learned), then a date appears in the column. If the entry is not encountered or the system has learned, then Not used will appear in the column. For example: You create an allow entry on May 7, 2024, with the 45 days after last used date setting. If the entry is used daily, the Remove on date will not be triggered and the entry will not be removed. However, if the entry is not used after May 15, 2024, the entry will be removed on June 29, 2024 (45 days after the entry’s last use).

admin controlsView image in new tab

What you need to do to prepare:

You can modify existing allow entries in the Tenant Allow/Block Lists to include the Remove on value of 45 days after last used date.

admin controlsView image in new tab

If the Last used date displays Not used and the Remove allow entry after value is set to 45 days after last used date, the system will remove the allow entry 45 calendar days from the Creation date. This removal process will begin in late July 2024 for allow entries that meet this criterion.

This rollout will not impact any of your current Tenant Allow/Block Lists entries that do not have a Remove allow entry after value set to 45 days after last used date.

We recommend that you update the Remove allow entry after value of your existing allow entries in the Tenant Allow/Block Lists to 45 days after last used date.

This rollout will happen automatically by the specified dates with no admin action required before the rollout. You may want to notify your admins about this change and update any relevant documentation as appropriate.

Before rollout, we will update this post with revised documentation.

Message ID: MC794813

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: