gtag('config', 'AW-10839537686');
top of page
Writer's pictureJosé Lázaro Pinos
Aug 212 min read

Allow Entries in Microsoft 365 Tenant Allow/Block Lists



Did you know that you can’t create allow entries for domains and email addresses directly in the Microsoft 365 Tenant Allow/Block List?

This is a critical detail that can significantly impact the security posture of your organization’s email system.


Allow entries play a vital role in determining which emails make it through your filters. However, creating unnecessary allow entries can expose your organization to malicious emails that would have otherwise been filtered out by the system. These entries bypass several layers of protection, so understanding how and when they are created is essential for maintaining a secure environment.


The Automation Behind Allow Entries

In Microsoft 365, allow entries from submissions are automatically added during the mail flow, but this process isn’t as straightforward as it seems. These entries are based on the specific filters that flagged the message as malicious. For example, if a message is identified as malicious due to the sender's email address and a URL within the email, the system creates an allow entry for both the email address (or domain) and the URL. This means that future messages from this sender, or containing that URL, could bypass the filters—potentially letting in malicious content if the original judgment was flawed.


How to Properly Create Allow Entries

Since you cannot directly add allow entries in the Tenant Allow/Block List, the proper method involves using the Emails tab on the Submissions page. The process is simple:


  1. Access the Submissions Page: Go to https://security.microsoft.com/reportsubmission?viewid=email.

  2. Submit the Blocked Message: After verifying that the message is clean, submit it through the Submissions page.

  3. Select "Allow this message": This action adds an allow entry for the sender to the Domains & email addresses tab on the Tenant Allow/Block Lists page.


This process ensures that allow entries are only created for messages that have been carefully vetted, reducing the risk of inadvertently allowing malicious content.


Key Considerations for Allow Entries

Allow entries for domains and email addresses, files, and URLs are temporary by default, lasting for 45 days after the system determines that the entity is clean. However, you can set them to expire up to 30 days after creation. Keep in mind that allow entries for spoofed senders never expire, adding another layer of complexity to managing these entries.


Want to learn more?



 

BY:

José Lázaro Pinos,

Global Head of Consulting - VP,

Performanta

Commenti

bottom of page