Forum Discussion
Security Admin Center Tenant Allow/Block List Not Able to Block IPv4?
While using the Security Admin Center Tenant Allow/Block List we have been able to block specific email addresses and IPv6 IP addresses but are unable to block IPv4 IP addresses. We have tried both using the console and the CLI but have turned up unsuccessful both times when it comes to IPv4. A large majority of the phishing attempts that we encounter come from IPv4 addresses but we have been unable to block any of these. Will there ever be functionality for IPv4 within the Tenant Allow/Block list or is the only option to use conditional access policies? Also why is this enterprise tool only functional with IPv6 and without documentation stating that it does not work for IPv4?
4 Replies
The documentation for the New-TenantAllowBlockListItems cmdlet was updated to reflect that only IPv6 entries are supported with the Entries type of "IP". Additionally, the "Create block sender lists" documentation was updated to say "IPv4 ranges aren't supported yet. Admins can create and manage entries for IPv4 addresses in the default connection filter policy".
I suspect when support for IPv6 addresses was added in CY2024 Q4 that there was an issue with IPv4 addresses that appears to be being worked on according to the wording quoted above (I would provide the links but am not sure if they would pass through in the comments here).
So, if you need to block IPv4 addresses, you can use the Connection filter policy under the anti-spam policies in MDO but be aware that blocks via this mechanism don't get marked as spam (or other Defender features) as they are flat out rejected. I.E. this appears to happen earlier in the SMTP message pipeline process.I am also seeing this same issue. Anyone found a work around?
We have the same problem. Ay ideas on this??
It appears that box only accepts IPv6, same with the command line version. I have no idea why Microsoft would configure it to only accept IPv6 and not IPv4.
