If you’re using Defender for Office 365, then you have access to some pretty powerful anti-phishing and anti-spam capabilities.
Sometimes, however, the anti-phishing can be a bit too aggressive in blocking emails suspected of being phishing. In this situation, I have a client with two separate Microsoft 365 tenancies; some users have email accounts in both tenancies, and when they send from Tenant A to Tenant B, their emails are blocked for phishing. Fair enough, this is exactly what the phishing filter is supposed to stop.
It is, however, a bit tricky to add entries to the Tenant Allow/Block Lists in Microsoft Defender. If you’re doing it using the web interface, you need to get one of the users to submit an incorrectly blocked phishing email and then you can tell Defender to take a different action.
Fortunately there is a way to manually add entries to the Tenant Allow/Block Lists via PowerShell.
To do this, first connect to Exchange Online via PowerShell, and then we break out the New-TenantAllowBlockListItems cmdlet.
PS /Users/kai> Connect-ExchangeOnline -ShowBanner:$false
PS /Users/kai> New-TenantAllowBlockListItems -Allow -ListType Sender -Entries example.com.au -NoExpiration
You can verify the entry has been added via Get-TenantAllowBlockListItems -ListType Sender or by logging into the Microsoft Defender portal to view the Allow/Block Lists.
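A sender allow entry for a whole domain with no expiry is easy to forget, so it helps to review the list periodically. The following is an added example, not part of the original post: a small filter that flags Sender allow entries that cover a whole domain, never expire, or carry no notes. The function name Get-SenderAllowFinding and the 30-day threshold are hypothetical, and it assumes the entries returned by Get-TenantAllowBlockListItems expose Value, Action, ExpirationDate and Notes properties.

```powershell
# Added example: flags Sender allow entries that are broad, permanent or undocumented.
# Assumption: each entry exposes Value, Action, ExpirationDate and Notes properties.
function Get-SenderAllowFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Entry,
        [int]$MaxDays = 30   # hypothetical review threshold, not a product limit
    )
    process {
        # Only allow entries weaken filtering; skip block entries.
        if ($Entry.Action -ne 'Allow') { return }
        $findings = @()
        # No '@' means the entry covers every address in the domain.
        if ($Entry.Value -notmatch '@') { $findings += 'whole domain' }
        if (-not $Entry.ExpirationDate) {
            $findings += 'never expires'
        } elseif ($Entry.ExpirationDate -gt (Get-Date).ToUniversalTime().AddDays($MaxDays)) {
            $findings += "expires more than $MaxDays days out"
        }
        if ([string]::IsNullOrWhiteSpace($Entry.Notes)) { $findings += 'no notes' }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                Value    = $Entry.Value
                Expires  = $Entry.ExpirationDate
                Findings = $findings -join '; '
            }
        }
    }
}

# Constructed sample entries so the function can be tried without a tenant.
$soon = (Get-Date).ToUniversalTime().AddDays(14)
$sample = @(
    [pscustomobject]@{ Value = 'example.com.au'; Action = 'Allow'; ExpirationDate = $null; Notes = '' }
    [pscustomobject]@{ Value = 'user@example.com.au'; Action = 'Allow'; ExpirationDate = $soon; Notes = 'Cross-tenant mail' }
    [pscustomobject]@{ Value = 'example.org'; Action = 'Block'; ExpirationDate = $null; Notes = '' }
)
# Only the first sample entry is reported: whole domain; never expires; no notes.
$sample | Get-SenderAllowFinding | Format-Table -AutoSize

# Against a live session (after Connect-ExchangeOnline):
# Get-TenantAllowBlockListItems -ListType Sender | Get-SenderAllowFinding
```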