Forum Discussion
Skipster311-1
Nov 15, 2021 Iron Contributor
add to whitelist or safe senders from quarantine
Hello all, I see it's possible to block a sender from within the quarantine. Is it also possible to whitelist or add a sender to the "safe senders" list from within the quarantine?
- Nov 16, 2021 Only from the admin quarantine, IIRC. Which in turn adds it to the org-wide allow list.
michaelstrandby
May 14, 2024 Copper Contributor
As far as I know, Microsoft has removed the option to manually add specific emails/domains to the Tenant Allow / Block list.
You can still manually block domains, but allow has to go through the submission process, where you submit the email/domain etc. with the reasoning for why it should not be blocked.
Reference: https://learn.microsoft.com/en-us/defender-office-365/tenant-allow-block-list-email-spoof-configure
ExMSW4319
May 15, 2024 Iron Contributor
I have some Allow actions added under the 30-day rule last August that have been automatically renewing steadily since then. I agree that that is hardly a secure way to proceed, but it appears to be working for the domains in question.
I am a strong believer in at least trying to understand and if possible solve the problem rather than putting a policy plaster on the problem. If it seems unlikely that the sender would reform even if the problem is carefully and courteously explained to them, you can still add allowed sender and allowed domain entries to the anti-spam and anti-phishing policies. That will however cost Secure Score as those lists should ideally be empty, and such an action should only be taken with an understanding of the underlying sender problem and concomitant risks. Microsoft can only offer a general solution. Only you can balance the benefits against the risks to your organisation.
- dekeros May 21, 2024 Copper Contributor Good point! I was looking around for a while and found this discussion. The problem seems to occur (in our case) when not using an SMTP authenticated e-mail account and just sending e-mails to internal receivers.
Your exceptions seem to be automatically renewed, maybe because "Allowed spoofed domain sender & impersonating senders never expire." I will try it out also. Thanks!
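A read-only inventory of the allow entries discussed in this thread (anti-spam and anti-phishing policy lists, Tenant Allow/Block List entries and spoof allows), added here as an example and not posted by any participant. It assumes the ExchangeOnlineManagement module and an active `Connect-ExchangeOnline` session; `New-AllowRow` and the output column names are made up for the example.

```powershell
# Added example: list every sender/domain allow entry so each one can be reviewed.
# Assumes an active Connect-ExchangeOnline session with rights to read the policies.

# Hypothetical helper: one uniform row per allow entry.
function New-AllowRow($Source, $Type, $Entry, $Expires) {
    [pscustomobject]@{ Source = $Source; Type = $Type; Entry = "$Entry"; Expires = $Expires }
}

$rows = @()

# Anti-spam policies: allowed senders and allowed domains.
# These lists do not expire, so Expires is left empty.
foreach ($p in Get-HostedContentFilterPolicy) {
    foreach ($s in $p.AllowedSenders)       { $rows += New-AllowRow "Anti-spam: $($p.Name)" 'Sender' $s $null }
    foreach ($d in $p.AllowedSenderDomains) { $rows += New-AllowRow "Anti-spam: $($p.Name)" 'Domain' $d $null }
}

# Anti-phishing policies: senders and domains excluded from impersonation protection.
foreach ($p in Get-AntiPhishPolicy) {
    foreach ($s in $p.ExcludedSenders) { $rows += New-AllowRow "Anti-phish: $($p.Name)" 'Sender' $s $null }
    foreach ($d in $p.ExcludedDomains) { $rows += New-AllowRow "Anti-phish: $($p.Name)" 'Domain' $d $null }
}

# Tenant Allow/Block List: allow entries for senders and domains, with their expiry.
foreach ($i in Get-TenantAllowBlockListItems -ListType Sender -Allow) {
    $rows += New-AllowRow 'Tenant Allow/Block List' 'Sender or domain' $i.Value $i.ExpirationDate
}

# Tenant Allow/Block List: allowed spoofed senders.
foreach ($i in Get-TenantAllowBlockListSpoofItems | Where-Object Action -eq 'Allow') {
    $entry = "$($i.SpoofedUser) via $($i.SendingInfrastructure)"
    $rows += New-AllowRow 'Tenant Allow/Block List (spoof)' $i.SpoofType $entry $null
}

# Review the result: every row is a bypass that someone should be able to justify.
$rows | Sort-Object Source, Entry | Format-Table -AutoSize
```

An empty table for the two policy sources is the state Secure Score rewards; rows with an empty `Expires` stay in place until someone removes them.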