Allow/Block Lists
Manage the Tenant Allow/Block List to control which senders, URLs, and files bypass or are blocked by Exchange Online Protection (EOP) filtering. Allow and block entries provide granular control over email security decisions.
Warning: Allow list entries bypass spam filtering and create security risk. Use sparingly and review regularly. Allow lists do not bypass malware or high-confidence phishing protection.
Tenant Allow/Block List
| Column | Description |
|---|---|
| Entry Type | Sender, URL, or File |
| Value | The blocked or allowed entry |
| Action | Allow or Block |
| Expiration | When the entry expires |
| Last Updated | Date of last modification |
| Notes | Admin notes for the entry |
Entry Types
Sender Entries
Control filtering for specific senders or domains:
- Allow sender — Messages from this sender bypass spam filtering
- Block sender — Messages are always marked as spam
- Allow domain — All senders from domain bypass spam filtering
- Block domain — All senders from domain are blocked
URL Entries
Control access to specific URLs:
- Allow URL — URL is not blocked by Safe Links or spam filtering
- Block URL — URL is blocked across Safe Links, spam, and phishing filters
- Supports exact URL, domain, or wildcard patterns
File Entries
Control filtering for specific file hashes:
- Allow file — File with matching hash bypasses malware filtering
- Block file — File is blocked in email, SharePoint, OneDrive, and Teams
- Uses SHA256 file hash for identification
Expiration Policies
- Allow entries expire after 30 days by default
- Block entries can be set for 30, 60, 90 days, or never expire
- Expired entries are automatically removed
- Entries can be renewed before expiration
Note: Allow entries are intended as temporary overrides while you report false positives to Microsoft. They should not be used as permanent policy.
Submission-Based Allows
When you submit a false positive to Microsoft, a temporary allow entry is automatically created:
- Submit false positive — Report a legitimate message that was blocked
- Allow created — Temporary allow entry is added to the Tenant Allow/Block List
- Microsoft reviews — Analysts review the submission and update filters
- Allow expires — Entry expires after 30 days as filters are updated
Best Practices
- Minimize allow entries — Each allow entry is a potential security bypass.
- Use block entries for known threats — Block persistent spam sources not caught by filters.
- Review regularly — Audit entries and remove stale or unnecessary allows.
- Use submissions — Report false positives to Microsoft to improve filtering rather than relying on permanent allows.
API Reference
GET /api/exchange/tenant-allow-block-list
List all entries
POST /api/exchange/tenant-allow-block-list
Create allow or block entry
PUT /api/exchange/tenant-allow-block-list/:id
Update entry
DELETE /api/exchange/tenant-allow-block-list/:id
Remove entry