M365 Changelog: (Updated) Microsoft Defender for Office 365 – Tenant Allow Block List to Support URL Top-Level Domain Blocking

MC675960 – Updated November 2, 2023: Microsoft has updated the content below to show as intended. Thank you for your patience.

Soon, you will be able to block URLs based on their top-level domain using block entries in the Tenant Allow Block List. You can create entries in the Microsoft 365 Defender portal or PowerShell, using the format “*.<TLD>/”, where <TLD> can be any top-level domain such as .net, .biz, .io, .movie, country codes (.in, .us, .ru) etc. The entry is not case sensitive, and can be in uppercase, lowercase, or mixed.

It is applicable to customers with Exchange Online Protection, Microsoft Defender for Office plan 1 or plan 2 service plans.

The top-level domain entry results in the blocking of all URLs that are related to “*.<TLD>/”, (subdomains, domains, or sub paths) both during mail flow (email is quarantined like other blocked URL entries) and at time of click across Microsoft Teams and Office apps, if Safe Links is enabled.

This message is associated with Microsoft 365 Roadmap ID 115506

When this will happen:

Rollout will begin in late September 2023 and is expected to be complete by late October 2023.

How this will affect your organization:

This will not affect any of your existing Tenant Allow Block List entries.

What you need to do to prepare:

No changes are required. Once this change is rolled out, you can use it to block URL top-level domains.