365 Defender REST API

Question

Is there any option to configure bad senders on anti spam within 365 defender?
screenshot attached

Answer 1

If there are two parts to your question and the second part is how to set up a Defender Rest API, I have the below information for you. If this is not what you mean by your question then please let me know:-

To set up and use the Microsoft 365 Defender REST API, you'll need to follow these steps:

1. Register an application: Go to the Azure portal (portal.azure.com) and sign in with your Azure AD credentials. Register a new application to obtain the necessary credentials and permissions for accessing the Microsoft 365 Defender API.
2. Grant API permissions: Once you've registered your application, you need to grant it the appropriate permissions to access the Microsoft 365 Defender API. Navigate to the "API permissions" section of your application registration and add the required permissions related to Microsoft 365 Defender.
3. Obtain authentication credentials: In order to authenticate your API requests, you need to acquire an access token. You can use various authentication flows, such as client credentials flow or authorization code flow, to obtain an access token for your application. The specific flow depends on your requirements and the type of application you're building.
4. Build your API requests: With the obtained access token, you can construct and send HTTP requests to the Microsoft 365 Defender REST API. Use the API documentation to understand the available endpoints, request/response formats, and required headers or parameters for each operation you want to perform.
5. Handle authentication and token expiration: Access tokens have a limited lifespan. You should implement logic in your application to handle token expiration and obtain new tokens as needed. This ensures that your API requests remain authenticated and valid.
6. Test and integrate: Start by testing your API requests using a tool like Postman or by writing code in your preferred programming language. Once you have verified the functionality, you can integrate the Microsoft 365 Defender REST API into your application or system to automate security-related tasks and retrieve relevant data.

I hope this information helps. If you have any questions, please let me know and I'll be glad to assist you further or If you find it helpful, you can mark this comment as the answer.

Kind regards

Tim

Answer 2

Hi Tim, Thank you for the swift response.
But i'm actually asking about API requests as mentioned in the headline.

thanks.

Answer 3

Hi Ben M,

I'm Tim, an Independent Consultant here and a Microsoft user like you. I don't work for Microsoft and do not have access to any of your data on their system.

Yes, Microsoft 365 Defender provides options to configure and manage bad senders or blocked senders. These settings can help you protect your organisation from unwanted or malicious emails. Here's how you can configure bad senders in Microsoft 365 Defender:-

1. Sign in to the Microsoft 365 Defender Security Center (https://security.microsoft.com/).
2. Navigate to "Threat management" or "Threat & Vulnerability Management" in the Security Center, depending on your subscription and interface.
3. Look for the "Anti-phishing" or "Email & Collaboration" section, which should include options to manage blocked senders or bad senders.
4. Within the settings for blocked senders, you can specify specific email addresses, domains, or IP addresses that you want to block.
5. Configure the desired action for blocked senders. You can choose to block the emails entirely or redirect them to quarantine for review.
6. Save your settings to apply the changes.

I hope this information helps. If you have any questions, please let me know and I'll be glad to assist you further or If you find it helpful, you can mark this comment as the answer.

Kind regards

Tim