Request for Guidance on Blocking List of Company Names

LM-5132 250 Reputation points
2025-04-18T19:02:33.1833333+00:00

Hello,

Our business has received a list of 70 company names from China that we need to add to our spam filtering. I prefer to place these names on a block list, but the challenge is that the list only includes the company names, with no associated domains provided.

I have reached out to the list provider to request a list of corresponding domain names or URLs. I also ran the company names through an AI tool to gather potential domains, but I would like to understand if there’s a way to implement the block list or spam filtering using only the company names. I am concerned that using keywords or matching text may inadvertently filter legitimate emails into the junk folder.

I would greatly appreciate any suggestions on how to effectively address this issue.

Thank you!

Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,471 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. David Broggy 6,376 Reputation points MVP Volunteer Moderator
    2025-04-21T14:16:24.68+00:00

    Hello @LM-5132

    There is no logical mapping between a company name and a domain.

    As such, you would need a 'research step' of some method in order to identify the domain.

    Defender for Cloud Apps contains a library of many companies and their web sites, so it may be possible to use this (or some other tool) to match companies to domains.

    Once you've performed the match, you can flag these organizations as 'unsanctioned' and then perform blocking at the endpoint based on that tag.

    Here are some steps related to the above suggestions.

    1. Use Cloud Discovery to identify apps

    Go to Defender for Cloud Apps portal > Discover > Cloud Discovery dashboard.

    Upload or use automatic log collection (from firewall, Defender for Endpoint, etc.).

    Filter apps using the Company name field (this supports partial matches).

    Example: search for Contains: Zoom to find all apps with "Zoom" in the company name.

    1. Tag Apps as Unsanctioned

    Select all matching apps.

    Click Tag > Choose "Unsanctioned".

    1. Integrate with Defender for Endpoint (MDE) or Firewall

    To block these apps on endpoint:

    Go to Settings > Microsoft Defender for Endpoint in Defender for Cloud Apps.

    Ensure integration is enabled.

    Once apps are tagged as Unsanctioned, MDE will block HTTP/HTTPS traffic to those apps automatically (on supported browsers).

    Note: Unsanctioned apps are blocked based on hostname/IP, not company name. So this method depends on the app matching being comprehensive.

    1. Use Cloud Discovery to identify apps

    Go to Defender for Cloud Apps portal > Discover > Cloud Discovery dashboard.

    Upload or use automatic log collection (from firewall, Defender for Endpoint, etc.).

    Filter apps using the Company name field (this supports partial matches).

    Example: search for Contains: Zoom to find all apps with "Zoom" in the company name.

    1. Tag Apps as Unsanctioned

    Select all matching apps.

    Click Tag > Choose "Unsanctioned".

    1. Integrate with Defender for Endpoint (MDE) or Firewall

    To block these apps on endpoint:

    Go to Settings > Microsoft Defender for Endpoint in Defender for Cloud Apps.

    Ensure integration is enabled.

    Once apps are tagged as Unsanctioned, MDE will block HTTP/HTTPS traffic to those apps automatically (on supported browsers).

    Note: Unsanctioned apps are blocked based on hostname/IP, not company name. So this method depends on the app matching being comprehensive.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.