Add a domain to the Tennant Allow/Block Lists in Microsoft 365 using PowerShell

Add a sender or domain to the Microsoft 365 Tenant Allow/Block Lists with PowerShell when Defender for Office 365 wrongly blocks legitimate mail as phishing.

If you’re using Defender for Office 365, then you have access to some pretty powerful anti-phishing and anti-spam capabilities.

Sometimes however the anti-phishing can be a bit too aggressive in blocking emails suspected of being phishing – in this situation, I have a client with two separate Microsoft 365 tenancies, some users have email accounts in both tenancy, and when they send from Tenant A to Tenant B, their emails are blocked for phishing. Fair enough, this is exactly what the phishing filter is supposed to stop.

It is however a bit tricky to add entries to the Tenant Allow/Block Lists in Microsoft Defender – If you’re doing it using the web interface, you need to get one of the users to submit an incorrectly blocked phishing email and then you can tell Defender to take a different action.

Fortunately there is a way to manually add entries to the Tenant Allow/Block Lists via PowerShell.

To do this, first Connect to Exchange Online via PowerShell and then we break out the New-TenantAllowBlockListItems cmdlet.

PS /Users/kai> Connect-ExchangeOnline -ShowBanner:$false
PS /Users/kai> New-TenantAllowBlockListItems -Allow -ListType Sender -Entries example.com.au -NoExpiration

You can verify the entry has been added via Get-TenantAllowBlockListItems -ListType Sender or by logging into the Microsoft Defender portal to view the Allow/Block Lists.

If you want help tuning Microsoft 365 phishing protection and building a more practical email security baseline, see our cybersecurity support for small and medium businesses.

Comments