Hi @George Zerphey ,
I have not personally tested by adding .biz, but the MDE team has stated that blocking top level domains (.xyz) is not supported though the MDE URL indicators. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-worldwide. You can block individual IPs / URLs.
The documentation does not explicitly state that top-level domains cannot be blocked, so I have reached out and made a pull request to the guide and looped in the authors. I've also reached out to the Security team to propose this as a feature request and see if they can advise additional workarounds for this scenario.
The MDE team advises that in order to block an entire top-level domain, you would need to use a firewall or DNS filtering service. Network device options would depend on your setup.
I've shared your feedback with the Security team and recommend leaving feedback in the feedback forum as well. https://feedback.azure.com/
Let me know if you have further questions or details about your scenario that you would like to share.
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.*