The Tenant Allow/Block List in the Microsoft 365 Defender portal gives you a way to manually override the Defender for Office 365 or EOP filtering verdicts. The list is used during mail flow for incoming messages from external senders.
The Tenant Allow/Block List doesn’t apply to internal messages within the organization. However, block entries for Domains and email addresses prevent users in the organization from sending email to those blocked domains and addresses.
The Tenant Allow/Block List is available in the Microsoft 365 Defender portal at https://security.microsoft.com > Policies & rules > Threat Policies > Tenant Allow/Block Lists in the Rules section.
Click Block Domain address or email address. Here we can enter up to 20 valid email addresses or domain IDs.
Remove block entry after: select how long the entry should block the emails.
Note:
Once the email address is added to the block list, it may take some time for the policy to update.
Internal organization users cannot send emails to or receive emails from senders on the Tenant block list.
If an internal user sends an email to an address on the Tenant block list, the email will be rejected with an NDR (non-delivery report).
External emails from senders on the Tenant block list are marked as SPAM by the Anti-Spam Engine, and the SCL will be 9. The email will not be delivered to the user's mailbox; it will be quarantined.
Release Email from the Quarantine
Administrators can review the emails in the quarantine list and take the necessary action, such as releasing or deleting emails.
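
The same procedure can be scripted with Exchange Online PowerShell. The following is an added example, not part of the original page: the sender values, the 30-day duration and the note text are constructed placeholders, and applying the 20-entry limit to each submission is an assumption carried over from the portal steps above.

```powershell
# Added example (not from the original page). Requires the ExchangeOnlineManagement
# module and an account permitted to manage the Tenant Allow/Block List.
Connect-ExchangeOnline

# Constructed sample values; replace with the senders you actually need to block.
$blockEntries = @('blocked-sender@example.com', 'example.net')
$expiresOn    = (Get-Date).AddDays(30)   # assumed value for "Remove block entry after"
$batchSize    = 20                       # limit stated in the portal steps above

# Submit the entries in batches of at most 20 addresses or domains.
for ($i = 0; $i -lt $blockEntries.Count; $i += $batchSize) {
    $last  = [Math]::Min($i + $batchSize, $blockEntries.Count) - 1
    $batch = @($blockEntries[$i..$last])
    New-TenantAllowBlockListItems -ListType Sender -Block -Entries $batch `
        -ExpirationDate $expiresOn -Notes 'Blocked per ticket PLACEHOLDER'
}

# Confirm the entries were stored and check when each one expires.
# The policy may take some time to update after this point.
Get-TenantAllowBlockListItems -ListType Sender -Block |
    Where-Object { $blockEntries -contains $_.Value } |
    Select-Object Value, Action, ExpirationDate, Notes

# List quarantined messages whose sender matches a blocked address or domain.
$quarantined = Get-QuarantineMessage | Where-Object {
    $from = $_.SenderAddress
    ($blockEntries -contains $from) -or
    ($blockEntries | Where-Object { $from -like "*@$_" })
}
$quarantined | Select-Object ReceivedTime, SenderAddress, Subject, Type, Identity

# After reviewing a message, release or delete it by its Identity value:
# Release-QuarantineMessage -Identity '<Identity from the list above>' -ReleaseToAll
# Delete-QuarantineMessage  -Identity '<Identity from the list above>'
```

Releasing a message does not remove the block entry, so later messages from the same sender are still quarantined until the entry expires or is removed.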