Commit 16fa6d3

Update mdo-deployment-guide.md
Updated allow entries in TABL
1 parent 65ac1fb commit 16fa6d3

1 file changed

+12
-2
lines changed

defender-office-365/mdo-deployment-guide.md

Lines changed: 12 additions & 2 deletions
@@ -18,7 +18,7 @@ ms.collection:
1818
ms.custom:
1919
description: Learn how to get started with the initial deployment and configuration of Microsoft Defender for Office 365.
2020
ms.service: defender-office-365
21-
ms.date: 02/24/2025
21+
ms.date: 05/20/2025
2222
appliesto:
2323
- ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
2424
- ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
@@ -315,7 +315,17 @@ In general, it's easier to create blocks than allows, because unnecessary allow
315315

316316
- **Allow**:
317317

318-
- You can't create allow entries for **domains and email addresses**, **files**, and **URLs** directly on the corresponding tabs in the Tenant Allow/Block List. Instead, you use the **Submissions** page to report the item to Microsoft. As you report the item to Microsoft, you can select to allow the item, which creates a corresponding temporary allow entry in the Tenant Allow/Block list.
318+
- You can create allow entries for **domains and email addresses** and **URLs** on the corresponding tabs in the Tenant Allow/Block List to override the following verdicts:
319+
- Bulk
320+
- Spam
321+
- High confidence spam
322+
- Phishing (not high confidence phishing)
323+
324+
- You can't create allow entries directly in the Tenant Allow/Block List for the following items:
325+
- Malware or high confidence phishing verdicts for **domains and email addresses** or **URLs**.
326+
- Any verdicts for **files**.
327+
328+
Instead, you use the **Submissions** page to report the items to Microsoft. After you select **I've confirmed it's clean**, you can then select **Allow this message**, **Allow this URL**, or **Allow this file** to create a corresponding temporary allow entry in the Tenant Allow/Block list.
319329

320330
- Messages allowed by [spoof intelligence](anti-spoofing-spoof-intelligence.md) are shown on the **Spoof intelligence** page. If you change a block entry to an allow entry, the sender becomes a manual allow entry on the **Spoofed senders** tab in the Tenant Allow/Block List. You can also proactively create allow entries for not yet encountered spoofed senders on the **Spoofed senders** tab.
321331
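Review bot: The new bullet at lines 318-322 doesn't say how long a directly created allow entry lasts, while the Submissions path at line 328 is explicitly described as creating a "temporary allow entry". These entries override Spam, High confidence spam and Phishing verdicts, and the surrounding section already warns about unnecessary allows, so please state here whether direct entries expire or link to where expiration is documented. Two smaller points on line 328. First, the "Instead, you use the **Submissions** page" paragraph now follows a nested list and a blank line, so confirm it's indented to stay attached to the "You can't create allow entries directly" bullet and doesn't read as applying to the first bullet as well. Second, "Tenant Allow/Block list" should be "Tenant Allow/Block List" to match the casing used at lines 318 and 324.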
