Whitelist Email Addresses/Domains for Certain Groups

Copper Contributor

What's the most effective way to manage email whitelists for certain groups of users (only)?


Rather than whitelisting an email address or a domain for an entire tenant, how can we whitelist it for selected users and nobody else?

4 Replies

Hi @Adaministrator,

In Exchange, you can use this to options to manage email whitelists for specific groups of users:

1. Transport Rules: You can create transport rules in Exchange to whitelist specific email addresses or domains for selected users or groups. These rules allow you to set conditions and actions for email messages as they pass through the Exchange server. By creating a transport rule that targets the desired users or groups and specifies the email addresses or domains to whitelist, you can ensure that only those users receive messages from the trusted sources:

  1. Log in to the Microsoft 365 Admin Center (admin.microsoft.com) using your administrator credentials.

  2. Go to the Exchange admin center by clicking on "Admin centers" in the left-hand navigation pane and selecting "Exchange".

  3. In the Exchange admin center, navigate to "Mail flow" and then click on "Rules" in the top menu.

  4. Click on the "+" icon to create a new transport rule.

  5. In the "Name" field, provide a descriptive name for the rule, such as "Whitelist Rule for Selected Users".

  6. Under "Apply this rule if...", you can define conditions to identify the desired users or groups. For example, you can choose to apply the rule if the message is sent to specific users or groups.

  7. Under "Do the following...", select the action you want to apply. In this case, choose "Modify the message properties" and then select "Set the spam confidence level (SCL) to..." Set it to a lower value like "0" or "Bypass spam filtering".

  8. In the same section, you can also add an exception if needed. For example, you can exclude internal emails or specific senders from the rule.

  9. Under "Except if...", you can specify additional conditions to exclude certain scenarios from the rule. This can help refine the rule's behavior.

  10. Once you have configured all the necessary settings, click "Save" to create the transport rule.




2. Inbox Rules (Outlook): Users can manage their own whitelists by setting up inbox rules in Outlook. Each user has the ability to create a rule that identifies specific email addresses or domains and determines what action should be taken, such as moving the message to a particular folder or marking it as not junk:

  1. Open Microsoft Outlook and go to the "Home" tab.

  2. In the ribbon at the top, click on "Rules" (the icon may vary depending on your Outlook version).

  3. In the dropdown menu, select "Manage Rules & Alerts". This will open the Rules and Alerts window.

  4. In the Rules and Alerts window, click on the "New Rule" button. This will launch the Rules Wizard.

  5. In the Rules Wizard, you'll see a list of rule templates. Scroll down and select "Apply rule on messages I receive" under "Start from a blank rule" section. Then click "Next".

  6. In the next window, you can define conditions for the rule. Choose the condition that best matches your needs. For example, you can select "From people or public group" to specify a particular sender.

  7. After selecting the condition, click on the "People or public group" link in the "Step 2" section. This will open the "Rule Address" window.

  8. In the "Rule Address" window, you can add the email addresses or domains that you want to whitelist. You can manually enter them or use the "From" field to select them from your contacts or recent senders. Click "OK" when you're done.

  9. Once you have specified the conditions, click on "Next".

  10. In the next window, choose the action you want to perform on the whitelisted messages. You can select "Move it to the specified folder" and choose a specific folder where the messages should be moved. Alternatively, you can choose other actions like marking the message as not junk or flagging it.

  11. After selecting the action, click on "Next".

  12. In the exceptions window, you can set any exceptions if needed. This allows you to refine the rule's behavior further. Click "Next" when you're done.

  13. In the last window, give a name to your rule and choose whether you want to apply the rule to messages already in your inbox. You can also enable or disable the rule at this stage. Click "Finish" to create the rule.










Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

Kindest regards

Leon Pavesic

Thanks for the reply.
I was hoping to avoid using transport rules, and we definitely don't want to whitelist on endpoint devices. I guess I was hoping there would be a baked-in solution for this in the Security/M365 Defender portal by now
thanks for the solution. But golly that is just too confusing and not workable for a small company that doesn't have a full time IT guy to figure this stuff out.

For this reason I am migrating away from MS. Too confusing.
This is the official best way, and if you can't do this then you can use transport rules: