Forum Discussion
Security: impossible to restrict all ".zip" and ".mov" TLD to the Tenant Allow/Block list
Please see screenshot below. Maybe I'm doing something wrong, but there is no help available for the syntax to use (the linked page in the tooltip doesn't contain that information).
Instead of using the Tenant Allow/Block lists you can make use of the Windows Defender Firewall which supports blocking of TLDs, the policy can be deployed via Intune.
More information can be found here:
https://techcommunity.microsoft.com/t5/intune-customer-success/announcing-enhanced-control-for-configuring-firewall-rules-with/ba-p/3664744
Found another great source written by Jeffrey Appel:
https://jeffreyappel.nl/block-gtld-zip-fqdn-domains-with-windows-firewall-and-defender-for-endpoint/
- Hello,
Yes I immediately thought to block these in our firewall but it doesn't protect users that would check emails on their phone outside of the company network for instance.
This is the reason why I wanted to filter the emails before they even reach the users.