This article describes how to create URL allow entries that are available in the Tenant Allow/Block List. This is done by submitting the URL as a false positive, which will then add an allow entry on the URLs tab in the Tenant Allow/Block List. You will want to submit URLs if your targets receive the following warning when clicking links in simulated phishing emails.
Follow the steps below to submit URLs to the Allow list.
-
In the Microsoft 365 Defender portal at https://security.microsoft.com, go to the Submissions page at Actions & submissions > Submissions. To go directly to the Submissions page, use https://security.microsoft.com/reportsubmission.
-
On the Submissions page, select the URLs tab
-
On the URLs tab, click Submit to Microsoft for analysis.
-
In the Submit to Microsoft for analysis flyout that appears, enter the following information:
-
Select the submission type: Verify the value URL is selected.
-
URL: Enter the domain with a trailing "/*" (for example,
fabrikam.com/*
), and then select it in the box that appears. You can enter up to 50 URLs at once. -
Select a reason for submitting to Microsoft: Select Should not have been blocked (False positive), and then configure the following settings:
-
Allow this URL: Turn on this setting .
-
Remove allow entry after: The default value is 30 days, but you can select from the following values:
- 1 day
- 7 days
- 30 days
- Specific date: The maximum value is 30 days from today.
-
Allow entry note: Enter optional information about why you're allowing and submitting this URL.
-
-
When you're finished, click Submit, and then click Done.
-
After a few moments, the allow entry will appear on the URL tab on the Tenant Allow/Block List page. For more information about the Tenant Allow/Block List, see Manage allows and blocks in the Tenant Allow/Block List.
Note
- By default, allow entries for URLs exist for 30 days. During those 30 days, Microsoft will learn from the allow entries and remove them or automatically extend them. After Microsoft learns from the removed allow entries, messages that contain those URLs will be delivered, unless something else in the message is detected as malicious.
- When the URL is encountered again during mail flow, Safe Links detonation or URL reputation checks and all other URL-based filters are overridden. If the filtering system determines that all other entities in the email message are clean, the message will be delivered.
- During selection, all URL-based filters, including Safe Links detonation or URL reputation checks are overridden, allowing user access to content at the URL.
Comments
0 comments
Please sign in to leave a comment.