Introducing tenant blocks via admin submissions

 We are excited to announce that you can now block suspicious entities when submitting emails, URLs, or attachments for Microsoft to review.  In the Microsoft 365 Defender portal (https://security.microsoft.com), security operations team can now block the sender or domain, URL or attachment while submitting suspicious emails, URLs or attachments from the admin submission flyout panel. You’ll no longer need to switch to the Tenant allow/block list page to block a suspicious entity.

Let’s look at how it works! 

Blocking email addresses or domains through email admin submission flyout

From the Emails tab under the submissions portal in Actions & submissions in the Microsoft 365 Defender portal, select Submit to Microsoft for analysis to report phishing, malware or spam email. You can choose to block the sender or domain and provide block expiry date and optional notes.  Make sure that you have the required permissions before submitting to Microsoft.

To learn more about blocking email addresses or domains in Tenant allow/block list, See Allow or block emails using the Tenant Allow/Block List.

Blocking URL through URL admin submission flyout

From the URLs tab under the submissions portal in Actions & submissions in the Microsoft 365 Defender portal, select Submit to Microsoft for analysis to report phishing or malware URL. You can choose to block the URL and provide block expiry date and optional notes.  Make sure that you have the required permissions before submitting to Microsoft.

To learn more about blocking urls in Tenant allow/block list, see Allow or block URLs using the Tenant Allow/Block List.

Blocking email attachment through email attachment admin submission flyout

From the Email attachments tab, under the submissions portal in Actions & submissions in the Microsoft 365 Defender portal, select Submit to Microsoft for analysis to report phishing or malware email attachment. You can choose to block the email attachment and provide block expiry date and optional notes.  Make sure that you have the required permissions before submitting to Microsoft.

To learn more about blocking email attachment in Tenant allow/block list, see Allow or block files using the Tenant Allow/Block List.

Viewing blocked entities from the admin submission flyout

All of the blocked entities created from the admin submission panel for URL, email attachment and emails will show up in Tenant allow/block list under the URL, file and Domains & addresses tab, respectively.

To learn more about Tenant allow/block list, see View entries in the Tenant Allow/Block List.

All other aspects of the submission experience, such as submitting a sample for analysis and viewing the results, remain as it is. 

Let us know what you think! 

The experience will start rolling out by the end of August. You can expect to see these changes over the next few weeks. The new submissions experience will be available to customers with Exchange Online Protection, Defender for Office 365 Plan 1, Defender for Office 365 Plan 2, including those with Office 365 E5, Microsoft 365 E5, or Microsoft 365 E5 Security licenses. 

We’re excited for you to try out these new capabilities. Let us know what you think using the Defender for Office 365 forum.