MC532602 – Applicable to Tenants with Exchange Online Protection, Microsoft Defender for Plan 1 or Plan 2 or Microsoft 365 Defender plan.
Email messages can be blocked because of a bad URL where the URL is a matched based on a sub path or portion of the URL contained in the message. In the case of a legitimate email getting blocked, this was difficult to correct through a submission. Microsoft has updated the way that it handles allowed URLs such that the partial matching behavior is included without the need to include wild cards or making multiple URL submissions.
Emails with this URL are being blocked www.contoso.com/abc.
You submit the email or the URL to Microsoft for analysis, and an allow entry is created for www.contoso.com/abc in the Tenant Allow/Block List.
If future emails contain URLs that are related to the allow entry, the emails won’t be blocked based on the URL. For example (but not limited to): www.contoso.com/abc or www.contoso.com/abc?id=1 or www.contoso.com/abc/def/gty/uyt?id=5.
When this will happen:
Microsoft will begin rolling out late March 2023 and expect to complete by mid-April 2023.
How this will affect your organization:
Now, when submitting an email or original URL as a False Positive (FP) to Microsoft, the URL will be added to the Allow list and handled correctly, removing the need to make multiple submissions.
What you need to do to prepare:
You don’t need to do anything for existing or new URL allow entries in the Tenant/Allow Block List.
Previous Exchange Online Changelog Messages
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.