Merge branch 'main' of https://github.com/MicrosoftDocs/defender-docs-pr into painbar-custom-install-path

paulinbar · paulinbar · commit 5734d2dd21aa · 2025-08-13T21:29:33.000+03:00
diff --git a/defender-office-365/tenant-allow-block-list-email-spoof-configure.md b/defender-office-365/tenant-allow-block-list-email-spoof-configure.md
@@ -15,7 +15,7 @@ ms.collection:
   - tier1
 description: Admins can learn how to allow or block email and spoofed sender entries in the Tenant Allow/Block List.
 ms.service: defender-office-365
-ms.date: 07/08/2025
+ms.date: 08/13/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections for cloud mailboxes</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -82,6 +82,15 @@ This article describes how admins can manage entries for email senders in the Mi
 
 ## Domains and email addresses in the Tenant Allow/Block List
 
+> [!NOTE]
+> Entries for email addresses with special characters (for example, spaces, quotes, or symbols) must use UTF-8 hexadecimal URL encoding for the special characters. Otherwise, you might receive errors when you try to add the entries.
+>
+> For example, to block the email address `"bad+ attacker"@fourthcoffee.com`, use the value `%22bad%2B%20attacker%22@fourthcoffee.com`:
+>
+> - `%22` represents the double quotation marks (").
+> - `%2B` represents the plus sign (+).
+> - `%20` represents the space ( ).
+
 ### Create allow entries for domains and email addresses
 
 Unnecessary allow entries expose your organization to malicious email that the system would otherwise filter, so there are limitations for creating allow entries directly in the Tenant Allow/Block List.
diff --git a/unified-secops-platform/microsoft-sentinel-onboard.md b/unified-secops-platform/microsoft-sentinel-onboard.md
@@ -161,6 +161,8 @@ When you switch the primary workspace for Microsoft Sentinel, the Defender XDR c
 
 If you decide to offboard a workspace from the Defender portal, disconnect the workspace from the settings for Microsoft Sentinel.
 
+If your workspace has the [Microsoft Defender XDR connector](/azure/sentinel/connect-microsoft-365-defender) configured, offboarding the workspace from the Defender portal will also disconnect the Microsoft Defender XDR connector.
+
 1. Go to the [Microsoft Defender portal](https://security.microsoft.com/) and sign in.
 1. In the Defender portal, under **System**, select **Settings** > **Microsoft Sentinel**.
 1. On the **Workspaces** page, select the connected workspace and **Disconnect workspace**.
@@ -178,3 +180,4 @@ If you want to connect to a different workspace, from the **Workspaces** page, s
 - [Automatic attack disruption in Microsoft Defender XDR](/defender-xdr/automatic-attack-disruption)
 - [Investigate incidents in Microsoft Defender portal](/defender-xdr/investigate-incidents)
 - [Optimize your security operations](/azure/sentinel/soc-optimization/soc-optimization-access?tabs=defender-portal)
+
