Tenant Allow/Block List will allow related URLs

Originally posted by Microsoft Mar 27, 2023 Uncategorized 0 Comments

Applicable to Tenants with Exchange Online Protection, Microsoft Defender for Plan 1 or Plan 2 or Microsoft 365 Defender plan. 

Email messages can be blocked because of a bad URL where the URL is a matched based on a sub path or portion of the URL contained in the message. In the case of a legitimate email getting blocked, this was difficult to correct through a submission. We have updated the way that we handle allowed URLs such that the partial matching behavior is included without the need to include wild cards or making multiple URL submissions.

Emails with this URL are being blocked www.contoso.com/abc.

You submit the email or the URL to Microsoft for analysis, and an allow entry is created for www.contoso.com/abc in the Tenant Allow/Block List.

If future emails contain URLs that are related to the allow entry, the emails won’t be blocked based on the URL. For example (but not limited to): www.contoso.com/abc or www.contoso.com/abc?id=1 or www.contoso.com/abc/def/gty/uyt?id=5.

When this will happen:

We will begin rolling out late March 2023 and expect to complete by mid-April 2023.

How this will affect your organization:

Now, when submitting an email or original URL as a False Positive (FP) to Microsoft, the URL will be added to the Allow list and handled correctly, removing the need to make multiple submissions.

What you need to do to prepare:

You don’t need to do anything for existing or new URL allow entries in the Tenant/Allow Block List.

Message ID: MC532602

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: