Forum Discussion
add to whitelist or safe senders from quarantine
- Only from the admin quarantine, IIRC. Which in turn adds it to the org-wide allow list.
- I only see the option to Allow for up to 30 days. What if I want to permanently allow the sender?
Has anybody found out how to allow sender for more than 30 days please?
It's a new MS Exchange feature. I am copying some of the data directly from Microsoft Community, Message center, and Learning pages. This should help with most of the questions I am reading.
Exchange EOP (Exchange Online Protection)
Automatic tenant Allow/Block list expiration management.
Defender new feature Whitelist auto remove
Microsoft Defender for Office 365 will introduce a feature to automatically remove allow list entries 45 days after their last use, starting late June 2024. This applies to customers with Microsoft Exchange Online Protection and Defender for Office 365 Plan 1 or 2. Users are advised to update their allow entries to utilize this new feature. https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=372670
If you've set up allowed domains, emails, URLs, or files in the Microsoft 365 Defender Tenant Allow/Block List, Microsoft will now automatically remove entries from the allow list once the system has learned from these configurations. If the system is treating the entity as good, there is no reason to have a redundant allow entry. Alternatively, Microsoft will also extend the expiration time of the allows if the system has not updated yet. This will prevent your legitimate emails from being sent to junk or quarantine. Spoof allow entries do not expire, so the automatic extension and removal doesn't apply in this case. Smart allow management is now live worldwide, which means the Tenant Allow/Block list will be shorter and more useful to you & your security team.
Whitelist rules will now automatically get removed by Microsoft.
Allows Will Be Automatically Extended
As a member of a security team, you’d create an allow entry in the Tenant Allow/Block List through the Submissions page if you found a legitimate email is getting junked or quarantined. Previously, the allow entry would typically expire after 30 days, leading to the same legitimate emails getting blocked again. Your options would be either to create another allow entry or try to open a support case to fix the underlying problem.Now if Microsoft has not learned from the allow entry and the allow is going to expire, we’ll extend the removal date by an additional 30 calendar days. However, the allow entries will not be extended indefinitely. If the system has not learned that the value is good after 90 days from the date of creation, the allow entry will be removed and you’ll get an alert about it.
Please note, this feature only applies to allow entries that were originally created with a removal date after 7 days. If the original removal date was between 1 and 7 days after creation, the automatic extension will not apply.
I'm currently logged into quarantine as a global admin. When i select a particular email i dont see the option to white list the email
- Should be under Release email.
VasilMichevThis option is not available at all for me - only 'Report message as having no threats". My company sends out (via external mail service) every day, but every day I see this message for the same email address I have released a hundred times?
