Home

Hello Guys. How do i block malicious senders in office 365 security and compliance?

%3CLINGO-SUB%20id%3D%22lingo-sub-765226%22%20slang%3D%22en-US%22%3EHello%20Guys.%20How%20do%20i%20block%20malicious%20senders%20in%20office%20365%20security%20and%20compliance%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-765226%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20office%20365%20as%20our%20email%20security%20gateway.%20How%20do%20i%20block%20malicious%20senders%20in%20office%20365%20security%20and%20compliance%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-765226%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-765313%22%20slang%3D%22en-US%22%3ERe%3A%20Hello%20Guys.%20How%20do%20i%20block%20malicious%20senders%20in%20office%20365%20security%20and%20compliance%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-765313%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F379204%22%20target%3D%22_blank%22%3E%40Tata1980%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20block%20the%20Ip%20or%20IP%20range%20using%20connection%20filter%20%E2%80%A6%20refer%20below%20article%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fconfigure-the-connection-filter-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fconfigure-the-connection-filter-policy%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3ETo%20block%20the%20domain%20or%20sender..%20use%20Anti%20Spam%20policy%20or%20create%20a%20transport%20rule..%20refer%20below%20article..%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fcreate-block-sender-lists-in-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fcreate-block-sender-lists-in-office-365%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3EThanks%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3ERobin%20Nishad%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%3ESr%20Consultant%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-772952%22%20slang%3D%22en-US%22%3ERe%3A%20Hello%20Guys.%20How%20do%20i%20block%20malicious%20senders%20in%20office%20365%20security%20and%20compliance%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-772952%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F379204%22%20target%3D%22_blank%22%3E%40Tata1980%3C%2FA%3E%26nbsp%3B%20You%20can%20configure%20list%20of%20Block%20Senders%20or%20even%20Block%20the%20entire%20sender%20domain%20itself.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fcreate-block-sender-lists-in-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fcreate-block-sender-lists-in-office-365%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIP%20may%20keep%20changing%20for%20spammers%20so%20it%20is%20not%20recommended%20to%20block%20a%20specific%20ip%20because%20once%20ip%20is%20changed%2C%20it%20will%20be%20able%20to%20bypass%20your%20connection%20filter%20and%20ultimately%20be%20blocked%20on%20Spam%20Filter%20again.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdditionally%20when%20a%20small%20group%20of%20people%20are%20impacted%20on%20our%20Organization%20(an%20email%20may%20be%20irrelevant%20for%20HR%20team%20flagged%20as%20Marketing%20but%20may%20not%20be%20spam%20for%20your%20Sales%20team)%2C%20that%20is%20when%20you%20should%20use%20or%20encourage%20your%20users%20to%20use%20Outlook%20Blocked%20senders.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20review%20who%20are%20all%20already%20added%20in%20Blocked%20sender's%20list%20%2C%20use%20PowerShell%20-%26nbsp%3BGet-BlockedSenderAddress%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%20!%3C%2FP%3E%3CP%3EAnkit%20Shukla%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1164990%22%20slang%3D%22en-US%22%3ERe%3A%20Hello%20Guys.%20How%20do%20i%20block%20malicious%20senders%20in%20office%20365%20security%20and%20compliance%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1164990%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F156230%22%20target%3D%22_blank%22%3E%40ankit%20shukla%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20can%20I%20use%20import-csv%20with%20get-blockedsenderaddress%20to%20see%20which%20users%20are%20blocked%20based%20on%20a%20list%20of%20email%20addresses%3F%3C%2FP%3E%3CP%3EAlso%2C%20once%20the%20list%20is%20checked%2C%20can%20I%20add%20a%20block%20for%20those%20that%20may%20not%20have%20one%20on%20the%20lists%3C%2FP%3E%3CP%3EFinally%20i%20would%20like%20to%20use%20the%20same%2Fmodified%20list%20for%20remove-blocked%20sender%20address.%3C%2FP%3E%3CP%3EThanks%2C%3CBR%20%2F%3EA%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Tata1980
Occasional Visitor

We have office 365 as our email security gateway. How do i block malicious senders in office 365 security and compliance?

3 Replies
Highlighted

@Tata1980 

 

You can block the Ip or IP range using connection filter … refer below article

 

https://docs.microsoft.com/en-us/office365/securitycompliance/configure-the-connection-filter-policy

 

To block the domain or sender.. use Anti Spam policy or create a transport rule.. refer below article..

 

https://docs.microsoft.com/en-us/office365/securitycompliance/create-block-sender-lists-in-office-36...

 

Thanks

 

Robin Nishad

Sr Consultant

Highlighted

@Tata1980  You can configure list of Block Senders or even Block the entire sender domain itself.

 

https://docs.microsoft.com/en-us/office365/securitycompliance/create-block-sender-lists-in-office-36... 

 

IP may keep changing for spammers so it is not recommended to block a specific ip because once ip is changed, it will be able to bypass your connection filter and ultimately be blocked on Spam Filter again.

 

Additionally when a small group of people are impacted on our Organization (an email may be irrelevant for HR team flagged as Marketing but may not be spam for your Sales team), that is when you should use or encourage your users to use Outlook Blocked senders.

 

To review who are all already added in Blocked sender's list , use PowerShell - Get-BlockedSenderAddress

 

Cheers !

Ankit Shukla

 

 

 

 

Highlighted

@ankit shukla 

How can I use import-csv with get-blockedsenderaddress to see which users are blocked based on a list of email addresses?

Also, once the list is checked, can I add a block for those that may not have one on the lists

Finally i would like to use the same/modified list for remove-blocked sender address.

Thanks,
A