M365 Changelog: (Updated) Microsoft Defender for Office 365: Tenant Allow/Block List will support blocking top-level domains and subdomains

Summary

Microsoft Defender for Office 365 will soon allow blocking of top-level domains and subdomains via the Tenant Allow/Block List, rolling out from late May to late June. This update applies to customers with Microsoft Exchange Online Protection and Microsoft Defender for Office 365 Plan 1 or Plan 2. No admin action is required before the rollout.

MC794542 – Updated May 31, 2024: Microsoft has updated the content below with links to additional information. Thank you for your patience.

This message applies to customers with Microsoft Exchange Online Protection and Microsoft Defender for Office 365 Plan 1 or Plan 2.

Soon, you will be able to block sender emails based on their top-level domain by creating block entries in the Tenant Allow/Block List in Microsoft Defender XDR.

This message is associated with Microsoft 365 Roadmap ID 389853.

When this will happen:

This change will start rolling out in late May 2024 and should be completed by late June 2024.

How this will affect your organization:

Before the rollout: You are unable to block incoming emails from sender email addresses by blocking top level domains or subdomains in the Tenant Allow/Block List. 

After this rollout, you will be able to create entries in the Tenant Allow/Block List (via the Microsoft XDR portal or the PowerShell), using the format *.<TLD>, where <TLD> can be any top-level domain such as .net, .biz, .io, .movie, country codes like .in, .us, .ru, and so on. Entries will not be case sensitive and can be uppercase, lowercase, or mixed case.

The top-level domain entries will block all emails received from or sent to any email address or subdomain related to *.<TLD> during mail flow. Inbound emails will be quarantined like other blocked domains and addresses, and outbound emails will be rejected with non-delivery receipt clearly indicating the reason.

This rollout also provides support for subdomain blocking. You can create entries in the following format for subdomains *.SD1.TLD*.SD2.SD1.TLD*.SD3.SD2.SD1.TLD, and similar patterns.

This rollout will not affect your existing Tenant Allow/Block List entries.

What you need to do to prepare:

This rollout will happen automatically by the specified dates with no admin action required before the rollout. Your existing Tenant Allow/Block List entries as it won’t be affected.

Additional information: Allow or block email using the Tenant Allow/Block List