Skip to content

Commit fe3819c

Browse files
chrisdachrisda
authored
Merge pull request #1341 from dhairyya/dhagarwal_working
Calling out message vs entity level allow
2 parents 299a2a7 + 98230aa commit fe3819c

File tree

1 file changed

+4
-2
lines changed

1 file changed

+4
-2
lines changed

defender-office-365/how-policies-and-protections-are-combined.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ ms.custom:
1717
description: Admins can learn how the order of protection settings and the priority order of security policies affect the application of security policies in Microsoft 365.
1818
ms.service: defender-office-365
1919
search.appverid: met150
20-
ms.date: 05/16/2024
20+
ms.date: 09/12/2024
2121
appliesto:
2222
- ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
2323
- ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -180,7 +180,9 @@ Tenant allows and blocks are able to override some filtering stack verdicts as d
180180
|Bulk|**Tenant wins**: Email delivered to mailbox|**Tenant wins**: Email delivered to user's Junk Email folder|
181181
|Not spam|**Tenant wins**: Email delivered to mailbox|**Tenant wins**: Email delivered to user's Junk Email folder|
182182

183-
- [Allow entries in the Tenant Allow/Block List](tenant-allow-block-list-about.md#allow-entries-in-the-tenant-allowblock-list):
183+
- [Allow entries in the Tenant Allow/Block List](tenant-allow-block-list-about.md#allow-entries-in-the-tenant-allowblock-list): There are two types of allow entries:
184+
- Message level allow entries act on the entire message, regardless of the entities in the message. Allow entries for email address and domains are message level allow entries.
185+
- Entity level allow entries act on the filtering verdict of entities. Allow entries for URLs, spoofed senders, and files are entity level allow entries. To override malware and high confidence phishing verdicts, you need to use entity level allow entries, which you can create by submission only due to [Secure by default in Microsoft 365](secure-by-default.md).
184186

185187
|Filtering stack verdict|Email address/domain|
186188
|---|---|

0 commit comments

Comments
 (0)