Edits to IP addresses in TABL

chrisda · chrisda · commit 28f0ceab83c7 · 2024-09-20T14:50:12.000-07:00
diff --git a/defender-office-365/TOC.yml b/defender-office-365/TOC.yml
@@ -241,7 +241,7 @@
            - name: Allow or block URLs using the Tenant Allow/Block List
              href: tenant-allow-block-list-urls-configure.md
            - name: Allow or block IP addresses using the Tenant Allow/Block List
-             href: tenant-allow-block-list-IP-configure.md 
+             href: tenant-allow-block-list-ip-addresses-configure.md
          - name: Admin submissions
            href: submissions-admin.md
          - name: Create block sender lists
diff --git a/defender-office-365/tenant-allow-block-list-about.md b/defender-office-365/tenant-allow-block-list-about.md
@@ -32,7 +32,7 @@ appliesto:
 
 In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, you might disagree with the EOP or Microsoft Defender for Office 365 filtering verdict. For example, a good message might be marked as bad (a false positive), or a bad message might be allowed through (a false negative).
 
-The Tenant Allow/Block List in the Microsoft Defender portal gives you a way to manually override the Defender for Office 365 or EOP filtering verdicts. The list is used during mail flow or time of click for incoming messages from external senders. 
+The Tenant Allow/Block List in the Microsoft Defender portal gives you a way to manually override the Defender for Office 365 or EOP filtering verdicts. The list is used during mail flow or time of click for incoming messages from external senders.
 
 Entries for **Domains and email addresses** and **Spoofed senders** apply to internal messages sent within the organization. Block entries for **Domains and email addresses** also prevent users in the organization from *sending* email to those blocked domains and addresses.
 
@@ -43,7 +43,7 @@ For usage and configuration instructions, see the following articles:
 - **Domains and email addresses** and **spoofed senders**: [Allow or block emails using the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md)
 - **Files**: [Allow or block files using the Tenant Allow/Block List](tenant-allow-block-list-files-configure.md)
 - **URLs**: [Allow or block URLs using the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md).
-- **IP addresses**: [Allow or block IPs using the Tenant Allow/Block List](tenant-allow-block-list-IP-configure.md).
+- **IP addresses**: [Allow or block IP addresses using the Tenant Allow/Block List](tenant-allow-block-list-ip-addresses-configure.md).
 
 These articles contain procedures in the Microsoft Defender portal and in PowerShell.
 
@@ -71,9 +71,11 @@ In the Tenant Allow/Block List, you can also directly create block entries for t
 
 - **[Spoofed senders](tenant-allow-block-list-email-spoof-configure.md#create-block-entries-for-spoofed-senders)**: If you manually override an existing allow verdict from [spoof intelligence](anti-spoofing-spoof-intelligence.md), the blocked spoofed sender becomes a manual block entry that appears only on the **Spoofed senders** tab in the Tenant Allow/Block List.
 
-- **[IP addresses](tenant-allow-block-list-IP-configure.md#create-block-entries-for-IP-addresses)**: If you manually create a block, all incoming emails from that incoming sending IP address will get dropped on the edge. 
+- **[IP addresses](tenant-allow-block-list-ip-addresses-configure.md#create-block-entries-for-ip-addresses)**: If you manually create a block entry, all incoming email messages from that IP address are dropped at the edge of the service.
 
-By default, block entries for [domains and email addresses](tenant-allow-block-list-email-spoof-configure.md#create-block-entries-for-domains-and-email-addresses), [files](tenant-allow-block-list-files-configure.md#create-block-entries-for-files) and [URLs](tenant-allow-block-list-urls-configure.md#create-block-entries-for-urls) expire after 30 days, but you can set them to expire up 90 days or to never expire. Block entries for [spoofed senders](tenant-allow-block-list-email-spoof-configure.md#create-block-entries-for-spoofed-senders) and [IP addresses](tenant-allow-block-list-email-IP-configure.md#create-block-entries-for-IP-addresses)never expire.
+By default, block entries for [domains and email addresses](tenant-allow-block-list-email-spoof-configure.md#create-block-entries-for-domains-and-email-addresses), [files](tenant-allow-block-list-files-configure.md#create-block-entries-for-files) and [URLs](tenant-allow-block-list-urls-configure.md#create-block-entries-for-urls) expire after 30 days, but you can set them to expire up 90 days or to never expire.
+
+Block entries for [spoofed senders](tenant-allow-block-list-email-spoof-configure.md#create-block-entries-for-spoofed-senders) and [IP addresses](tenant-allow-block-list-ip-addresses-configure.md#create-block-entries-for-ip-addresses) never expire.
 
 ## Allow entries in the Tenant Allow/Block List
 
@@ -85,8 +87,7 @@ In most cases, you can't directly create allow entries in the Tenant Allow/Block
   - If spoof intelligence already blocked the message as spoofing, use the **Submissions** page at <https://security.microsoft.com/reportsubmission> to [report the email to Microsoft](submissions-admin.md#report-good-email-to-microsoft) as **I've confirmed it's clean**, and then select **Allow this message**.
   - You can proactively create [an allow entry for a spoofed sender](tenant-allow-block-list-email-spoof-configure.md#create-allow-entries-for-spoofed-senders) on the **Spoofed sender** tab in the Tenant Allow/Block List before [spoof intelligence](anti-spoofing-spoof-intelligence.md) identifies and blocks the message as spoofing.
 
-- **IP Addresses**:
-    - You can proactively create an [an allow entry for an IP address](tenant-allow-block-list-email-IP-configure.md#create-allow-entries-for-IP-addresses) on the **IP addresses** tab in the Tenant Allow/Block List to override the IP filters for incoming message from them.
+- **IP Addresses**: You can proactively create an [an allow entry for an IP address](tenant-allow-block-list-ip-addresses-configure.md#create-block-entries-for-ip-addresses) on the **IP addresses** tab in the Tenant Allow/Block List to override the IP filters for incoming messages.
 
 The following list describes what happens in the Tenant Allow/Block List when you submit something to Microsoft as a false positive on the **Submissions** page:
 
diff --git a/defender-office-365/tenant-allow-block-list-email-spoof-configure.md b/defender-office-365/tenant-allow-block-list-email-spoof-configure.md
@@ -543,4 +543,4 @@ For submission instructions for impersonation false positives, see [Report good
 - [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md)
 - [Allow or block files in the Tenant Allow/Block List](tenant-allow-block-list-files-configure.md)
 - [Allow or block URLs in the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md)
-- [Allow or block IP addresses in the Tenant Allow/Block List](tenant-allow-block-list-IP-configure.md)
+- [Allow or block IP addresses in the Tenant Allow/Block List](tenant-allow-block-list-ip-addresses-configure.md)
diff --git a/defender-office-365/tenant-allow-block-list-files-configure.md b/defender-office-365/tenant-allow-block-list-files-configure.md
@@ -283,4 +283,4 @@ For detailed syntax and parameter information, see [Remove-TenantAllowBlockListI
 - [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md)
 - [Allow or block emails in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md)
 - [Allow or block URLs in the Tenant Allow/Block List](tenant-allow-block-list-urls-configure.md)
-- [Allow or block IP addresses in the Tenant Allow/Block List](tenant-allow-block-list-IP-configure.md)
+- [Allow or block IP addresses in the Tenant Allow/Block List](tenant-allow-block-list-ip-addresses-configure.md)
diff --git a/defender-office-365/tenant-allow-block-list-ip-addresses-configure.md b/defender-office-365/tenant-allow-block-list-ip-addresses-configure.md
@@ -36,10 +36,10 @@ This article describes how admins can manage entries for IP addresses in the Mic
 
 - To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).
 
-- Only support IPv6 addresses in the following format:
-    - Single IPv6 address in Colon-Hexadecimal Notation. for example, 2001:0db8:85a3:0000:0000:8a2e:0370:7334. 
-    - Single IPv6 address in Zero Compression. for example, 2001:db8::1 represents 2001:0db8:0000:0000:0000:0000:0000:0001. 
-    - CIDR IPv6 range. for example, 2001:0db8::/32. 1-128 range is supported
+- IPv6 addresses are supported only in the following formats:
+  - Single addresses in colon-hexadecimal format. For example, 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
+  - Single addresses in zero compression format. For example, 2001:db8::1 represents 2001:0db8:0000:0000:0000:0000:0000:0001.
+  - CIDR IPv6 range. For example, 2001:0db8::/32. 1-128 range is supported.
 
 - Entry limits for IP addresses:
   - **Exchange Online Protection**: The maximum number of allow entries is 500, and the maximum number of block entries is 500 (1000 IP entries in total).
@@ -66,9 +66,9 @@ This article describes how admins can manage entries for IP addresses in the Mic
 
 ## Create allow entries for IP addresses
 
- The allow entry only override the IP filters for that sending IP address. You can create allow entries for IP addresses directly in the Tenant Allow/Block List, using either of the following methods:
+The allow entry overrides only the IP filters for the specified sending IP address.
 
-- From the **IP addresses** tab on the **Tenant Allow/Block Lists** page or in PowerShell as described in this section.
+You can create allow entries for IP addresses directly in the Tenant Allow/Block List as described in this section.
 
 ### Use the Microsoft Defender portal to create allow entries for IP addresses in the Tenant Allow/Block List
 
@@ -85,7 +85,7 @@ This article describes how admins can manage entries for IP addresses in the Mic
    - **Remove allow entry after**: Select from the following values:
      - **1 day**
      - **7 days**
-     - **30 days** 
+     - **30 days**
      - **Never expire** (default)
      - **Specific date**: The maximum value is 90 days from today.
 
@@ -95,7 +95,7 @@ This article describes how admins can manage entries for IP addresses in the Mic
 
 Back on the **IP addresses** tab, the entry is listed.
 
-##### Use PowerShell to create allow entries for IP addresses in the Tenant Allow/Block List
+#### Use PowerShell to create allow entries for IP addresses in the Tenant Allow/Block List
 
 In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax:
 
@@ -106,17 +106,16 @@ New-TenantAllowBlockListItems -ListType IP -Allow -Entries "IPAddress1","IPAddre
 This example adds an allow entry for the specified IP address that never expires.
 
 ```powershell
-New-TenantAllowBlockListItems -ListType IP -Allow -Entries "2001:db8:3333:4444:5555:6666:7777:8882"-NoExpiration
+New-TenantAllowBlockListItems -ListType IP -Allow -Entries "2001:db8:3333:4444:5555:6666:7777:8882" -NoExpiration
 ```
 
 For detailed syntax and parameter information, see [New-TenantAllowBlockListItems](/powershell/module/exchange/new-tenantallowblocklistitems).
 
-
 ## Create block entries for IP addresses
 
-Email messages send from the blocked IP addresses are dropped on the edge. To create block entries for IP addresses, use either of the following methods:
+You can create block entries for IP addresses directly in the Tenant Allow/Block List as described in this section.
 
-- From the **IP addresses** tab on the **Tenant Allow/Block Lists** page or in PowerShell as described in this section.
+Incoming email messages from IP addresses in block entries are blocked at the edge of the service.
 
 ### Use the Microsoft Defender portal to create block entries for IP addresses in the Tenant Allow/Block List
 
@@ -133,7 +132,7 @@ Email messages send from the blocked IP addresses are dropped on the edge. To cr
    - **Remove block entry after**: Select from the following values:
      - **1 day**
      - **7 days**
-     - **30 days** 
+     - **30 days**
      - **Never expire** (default)
      - **Specific date**: The maximum value is 90 days from today.
 
@@ -143,7 +142,7 @@ Email messages send from the blocked IP addresses are dropped on the edge. To cr
 
 Back on the **IP addresses** tab, the entry is listed.
 
-##### Use PowerShell to create block entries for IP addresses in the Tenant Allow/Block List
+#### Use PowerShell to create block entries for IP addresses in the Tenant Allow/Block List
 
 In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax:
 
@@ -154,12 +153,11 @@ New-TenantAllowBlockListItems -ListType IP -Block -Entries "IPAddress1","IPAddre
 This example adds an block entry for the specified IP address that never expires.
 
 ```powershell
-New-TenantAllowBlockListItems -ListType IP -Block -Entries "2001:db8:3333:4444:5555:6666:7777:8882"-NoExpiration
+New-TenantAllowBlockListItems -ListType IP -Block -Entries "2001:db8:3333:4444:5555:6666:7777:8882" -NoExpiration
 ```
 
 For detailed syntax and parameter information, see [New-TenantAllowBlockListItems](/powershell/module/exchange/new-tenantallowblocklistitems).
 
-
 ## Use the Microsoft Defender portal to view entries for IP addresses in the Tenant Allow/Block List
 
 In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Tenant Allow/Block Lists** in the **Rules** section. Or, to go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>.
@@ -248,19 +246,18 @@ For existing IP addresses entries, you can change the expiration date and note.
 
    When you're finished in the **Edit IP addresses** flyout, select **Save**.
 
-
 ### Use PowerShell to modify existing allow or block entries for IP addresses in the Tenant Allow/Block List
 
 In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the following syntax:
 
 ```powershell
-Set-TenantAllowBlockListItems -ListType IP <-Ids <Identity value> | -Entries <Value>> [<-ExpirationDate Date | -NoExpiration>] [-Notes <String>]
+Set-TenantAllowBlockListItems -ListType IP <-Ids <Identity value> | -Entries <Value> [<-ExpirationDate Date | -NoExpiration>] [-Notes <String>]
 ```
 
 This example changes the expiration date of the specified IP address block entry.
 
 ```powershell
-Set-TenantAllowBlockListItems -ListType IP -Entries "2001:db8:3333:4444:5555:6666:7777:8882" -ExpirationDate "9/1/2022"
+Set-TenantAllowBlockListItems -ListType IP -Entries "2001:db8:3333:4444:5555:6666:7777:8882" -ExpirationDate "9/1/2024"
 ```
 
 For detailed syntax and parameter information, see [Set-TenantAllowBlockListItems](/powershell/module/exchange/set-tenantallowblocklistitems).
diff --git a/defender-office-365/tenant-allow-block-list-urls-configure.md b/defender-office-365/tenant-allow-block-list-urls-configure.md
@@ -523,4 +523,4 @@ The following entries are invalid:
 - [Manage allows and blocks in the Tenant Allow/Block List](tenant-allow-block-list-about.md)
 - [Allow or block files in the Tenant Allow/Block List](tenant-allow-block-list-files-configure.md)
 - [Allow or block emails in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md)
-- [Allow or block IP addresses in the Tenant Allow/Block List](tenant-allow-block-list-IP-configure.md)
+- [Allow or block IP addresses in the Tenant Allow/Block List](tenant-allow-block-list-ip-addresses-configure.md)
