Ši naršyklė nebepalaikoma.
Atnaujinkite į „Microsoft Edge“, kad pasinaudotumėte naujausiomis funkcijomis, saugos naujinimais ir techniniu palaikymu.
Patarimas
Did you know you can try the features in Microsoft Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft Defender portal trials hub. Learn about who can sign up and trial terms on Try Microsoft Defender for Office 365.
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, admins can create and manage entries for URLs in the Tenant Allow/Block List. For more information about the Tenant Allow/Block List, see Manage allows and blocks in the Tenant Allow/Block List.
Pastaba
To allow phishing URLs from third-party phishing simulations, use the advanced delivery configuration to specify the URLs. Don't use the Tenant Allow/Block List.
This article describes how admins can manage entries for URLs in the Microsoft Defender portal and in Exchange Online PowerShell.
You open the Microsoft Defender portal at https://security.microsoft.com. To go directly to the Tenant Allow/Block List page, use https://security.microsoft.com/tenantAllowBlockList. To go directly to the Submissions page, use https://security.microsoft.com/reportsubmission.
To connect to Exchange Online PowerShell, see Connect to Exchange Online PowerShell. To connect to standalone EOP PowerShell, see Connect to Exchange Online Protection PowerShell.
For URL entry syntax, see the URL syntax for the Tenant Allow/Block List section later in this article.
You can enter a maximum of 250 characters in a URL entry.
An entry should be active within 5 minutes.
You need to be assigned permissions before you can do the procedures in this article. You have the following options:
Microsoft Defender XDR Unified role based access control (RBAC) (If Email & collaboration > Defender for Office 365 permissions is 
Active. Affects the Defender portal only, not PowerShell):
Microsoft Entra permissions: Membership in the Global Administrator*, Security Administrator, Global Reader, or Security Reader roles gives users the required permissions and permissions for other features in Microsoft 365.
Svarbu
* Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
Unnecessary allow entries expose your organization to malicious email that would have been filtered by the system, so there are limitations for creating allow entries directly in the Tenant Allow/Block List.
To create allow entries for URLs, use either of the following methods:
From the URLs tab on the Submissions page at https://security.microsoft.com/reportsubmission?viewid=url. When you submit a blocked URL as I've confirmed it's clean, you can select Allow this URL to add and allow entry for the URL on the URLs tab on the Tenant Allow/Block Lists page. For instructions, see Report good URLs to Microsoft.
This method is required to override malware and high confidence phishing verdicts.
From the URLs tab on the Tenant Allow/Block Lists page or in PowerShell as described in this section.
This method is available to override the following verdicts only:
Patarimas
Allow entries from submissions are added during mail flow based on the filters that determined the message was malicious. For example, if the sender email address and a URL in the message are determined to be malicious, an allow entry is created for the sender (email address or domain) and the URL.
During mail flow or time of click, if messages containing the entities in the allow entries pass other checks in the filtering stack, the messages are delivered (all filters associated with the allowed entities are skipped). For example, if a message passes email authentication checks, URL filtering, and file filtering, a message from an allowed sender email address is delivered if it's also from an allowed sender.
By default, allow entries for domains and email addresses, files, and URLs are kept for 45 days after the filtering system determines that the entity is clean, and then the allow entry is removed. Or you can set allow entries to expire up to 30 days after you create them. Allow entries for spoofed senders never expire.
During time of click, the URL allow entry overrides all filters associated with the URL entity, which allows users to access the URL.
A URL allow entry doesn't prevent the URL from being wrapped by Safe Links protection in Defender for Office 365. For more information, see Do not rewrite list in SafeLinks.
In the Microsoft Defender portal at https://security.microsoft.com, go to Policies & rules > Threat Policies > Rules section > Tenant Allow/Block Lists. Or, to go directly to the Tenant Allow/Block List page, use https://security.microsoft.com/tenantAllowBlockList.
On the Tenant Allow/Block List page, select the URLs tab.
On the URLs tab, select 
Add, and then select Allow.
In the Allow URLs flyout that opens, configure the following settings:
Add URLs with wildcards: Enter one URL per line, up to a maximum of 20. For details about the syntax for URL entries, see the URL syntax for the Tenant Allow/Block List section later in this article.
Remove allow entry after: Select from the following values:
Optional note: Enter descriptive text for why you're allowing the URLs.
When you're finished in the Allow URLs flyout, select Add.
Back on the URLs tab, the entry is listed.
In Exchange Online PowerShell, use the following syntax:
New-TenantAllowBlockListItems -ListType Url -Allow -Entries "Value1","Value2",..."ValueN" [-RemoveAfter 45] [-Notes <String>]
This example adds an allow entry for the URL abc.contoso.com and all email addresses (for example, xyz@abc.contoso.com). Because we didn't use the ExpirationDate or RemoverAfter parameters, the entry expires after 45 days from last used date.
New-TenantAllowBlockListItems -ListType Url -Allow -Entries abc.contoso.com
For detailed syntax and parameter information, see New-TenantAllowBlockListItems.
Email messages that contain these blocked URLs are blocked as high confidence phishing. Messages that contain the blocked URLs are quarantined.
To create block entries for URLs, use either of the following methods:
From the URLs tab on the Submissions page at https://security.microsoft.com/reportsubmission?viewid=url. When you submit a message as I've confirmed it's a threat, you can select Block this URL to add a block entry to the URLs tab on the Tenant Allow/Block Lists page. For instructions, see Report questionable URLs to Microsoft.
From the URLs tab on the Tenant Allow/Block Lists page or in PowerShell as described in this section.
In the Microsoft Defender portal at https://security.microsoft.com, go to Policies & rules > Threat Policies > Rules section > Tenant Allow/Block Lists. Or, to go directly to the Tenant Allow/Block List page, use https://security.microsoft.com/tenantAllowBlockList.
On the Tenant Allow/Block List page, select the URLs tab.
On the URLs tab, select
Add, and then select Block.
In the Block URLs flyout that opens, configure the following settings:
Add URLs with wildcards: Enter one URL per line, up to a maximum of 20. For details about the syntax for URL entries, see the URL syntax for the Tenant Allow/Block List section later in this article.
Remove block entry after: Select from the following values:
Optional note: Enter descriptive text for why you're blocking the URLs.
When you're finished in the Block URLs flyout, select Add.
Back on the URLs tab, the entry is listed.
In Exchange Online PowerShell, use the following syntax:
New-TenantAllowBlockListItems -ListType Url -Block -Entries "Value1","Value2",..."ValueN" <-ExpirationDate <Date> | -NoExpiration> [-Notes <String>]
This example adds a block entry for the URL contoso.com and all subdomains (for example, contoso.com and xyz.abc.contoso.com). Because we didn't use the ExpirationDate or NoExpiration parameters, the entry expires after 30 days.
New-TenantAllowBlockListItems -ListType Url -Block -Entries *contoso.com
For detailed syntax and parameter information, see New-TenantAllowBlockListItems.
In the Microsoft Defender portal at https://security.microsoft.com, go to Policies & rules > Threat Policies > Tenant Allow/Block Lists in the Rules section. Or, to go directly to the Tenant Allow/Block Lists page, use https://security.microsoft.com/tenantAllowBlockList.
Select the URLs tab.
On the URLs tab, you can sort the entries by clicking on an available column header. The following columns are available:
To filter the entries, select 
Filter. The following filters are available in the Filter flyout that opens:
or 
When you're finished in the Filter flyout, select Apply. To clear the filters, select 
Clear filters.
Use the 
Search box and a corresponding value to find specific entries.
To group the entries, select 
Group and then select Action. To ungroup the entries, select None.
In Exchange Online PowerShell, use the following syntax:
Get-TenantAllowBlockListItems -ListType Url [-Allow] [-Block] [-Entry <URLValue>] [<-ExpirationDate <Date> | -NoExpiration>]
This example returns all allowed and blocked URLs.
Get-TenantAllowBlockListItems -ListType Url
This example filters the results by blocked URLs.
Get-TenantAllowBlockListItems -ListType Url -Block
For detailed syntax and parameter information, see Get-TenantAllowBlockListItems.
In existing URL entries, you can change the expiration date and note.
In the Microsoft Defender portal at https://security.microsoft.com, go to Policies & rules > Threat Policies > Rules section > Tenant Allow/Block Lists. Or, to go directly to the Tenant Allow/Block Lists page, use https://security.microsoft.com/tenantAllowBlockList.
Select the URLs tab
On the URLs tab, select the entry from the list by selecting the check box next to the first column, and then select the 
Edit action that appears.
In the Edit URL flyout that opens, the following settings are available:
When you're finished in the Edit URL flyout, select Save.
Patarimas
In the details flyout of an entry on the URLs tab, use 
View submission at the top of the flyout to go to the details of the corresponding entry on the Submissions page. This action is available if a submission was responsible for creating the entry in the Tenant Allow/Block List.
In Exchange Online PowerShell, use the following syntax:
Set-TenantAllowBlockListItems -ListType Url <-Ids <Identity value> | -Entries <Value>> [<-ExpirationDate Date | -NoExpiration>] [-Notes <String>]
This example changes the expiration date of the block entry for the specified URL.
Set-TenantAllowBlockListItems -ListType Url -Entries "~contoso.com" -ExpirationDate "9/1/2022"
For detailed syntax and parameter information, see Set-TenantAllowBlockListItems.
In the Microsoft Defender portal at https://security.microsoft.com, go to Policies & rules > Threat Policies > Rules section > Tenant Allow/Block Lists. Or, to go directly to the Tenant Allow/Block List page, use https://security.microsoft.com/tenantAllowBlockList.
Select the URLs tab.
On the URLs tab, do one of the following steps:
Select the entry from the list by selecting the check box next to the first column, and then select the 
Delete action that appears.
Select the entry from the list by clicking anywhere in the row other than the check box. In the details flyout that opens, select
Delete at the top of the flyout.
Patarimas
To see details about other entries without leaving the details flyout, use 
Previous item and Next item at the top of the flyout.
In the warning dialog that opens, select Delete.
Back on the URLs tab, the entry is no longer listed.
Patarimas
You can select multiple entries by selecting each check box, or select all entries by selecting the check box next to the Value column header.
In Exchange Online PowerShell, use the following syntax:
Remove-TenantAllowBlockListItems -ListType Url <-Ids <Identity value> | -Entries <Value>>
This example removes the block entry for the specified URL from the Tenant Allow/Block List.
Remove-TenantAllowBlockListItems -ListType Url -Entries "*cohovineyard.com
For detailed syntax and parameter information, see Remove-TenantAllowBlockListItems.
IPv4 and IPv6 addresses are allowed, but TCP/UDP ports aren't.
Filename extensions aren't allowed (for example, test.pdf).
Unicode isn't supported, but Punycode is.
Hostnames are allowed if all of the following statements are true:
For example, t.co is allowed; .com or contoso. aren't allowed.
Subpaths aren't implied for allows.
For example, contoso.com doesn't include contoso.com/a.
Wildcards (*) are allowed in the following scenarios:
A left wildcard must be followed by a period to specify a subdomain. (applicable only for blocks)
For example, *.contoso.com is allowed; *contoso.com isn't allowed.
A right wildcard must follow a forward slash (/) to specify a path.
For example, contoso.com/* is allowed; contoso.com* or contoso.com/ab* aren't allowed.
*.com* is invalid (not a resolvable domain and the right wildcard doesn't follow a forward slash).
Wildcards aren't allowed in IP addresses.
The tilde (~) character is available in the following scenarios:
A left tilde implies a domain and all subdomains.
For example, ~contoso.com includes contoso.com and *.contoso.com.
A username or password isn't supported or required.
Quotes (' or ") are invalid characters.
A URL should include all redirects where possible.
Valid URL entries and their results are described in the following subsections.
Entry: *.<TLD>/*
www.abcd.com\xyz.TLDwww.abcd.com\xyz.TLD?q=1234www.abcd.TLDwww.abcd.TLD/q=a@contoso.comEntry: contoso.com
Allow match: contoso.com
Allow not matched:
www.contoso.comwww.contoso.com/q=a@contoso.comBlock match:
www.contoso.comwww.contoso.com/q=a@contoso.comBlock not matched: abc-contoso.com
Patarimas
Allow entries of this pattern are supported only from advanced delivery configuration.
Entry: *.contoso.com
Allow match and Block match:
www.contoso.comAllow not matched and Block not matched:
www.contoso.com/abcEntry: contoso.com/a/*
Allow match and Block match:
Allow not matched and Block not matched:
www.contoso.comwww.contoso.com/q=a@contoso.comPatarimas
Allow entries of this pattern are supported only from advanced delivery configuration.
Entry: ~contoso.com
Allow match and Block match:
www.contoso.comAllow not matched and Block not matched:
www.contoso.com/abcEntry: contoso.com/*
Allow match and Block match:
Allow not matched and Block not matched: contoso.com
Patarimas
Allow entries of this pattern are supported only from advanced delivery configuration.
Entry: *.contoso.com/*
Allow match and Block match:
www.contoso.com/awww.contoso.com/b/a/cAllow not matched and Block not matched: contoso.com/b
Patarimas
Allow entries of this pattern are supported only from advanced delivery configuration.
Entry: ~contoso.com~
Allow match and Block match:
www.contoso.comwww.contoso.com/bAllow not matched and Block not matched:
Entry: 1.2.3.4
Allow match and Block match: 1.2.3.4
Allow not matched and Block not matched:
Entry: 1.2.3.4/*
The following entries are invalid:
Missing or invalid domain values:
Wildcard on text or without spacing characters:
IP addresses with ports:
Non-descriptive wildcards:
Middle wildcards:
Double wildcards
Mokymas
Modulis
Enhance your email protection using Microsoft Defender for Office 365 - Training
This module examines how Microsoft Defender for Office 365 extends EOP protection through various tools, including Safe Attachments, Safe Links, spoofed intelligence, spam filtering policies, and the Tenant Allow/Block List.
Dokumentacija
Allow or block files using the Tenant Allow/Block List - Microsoft Defender for Office 365
Admins can learn how to allow or block files in the Tenant Allow/Block List.
Manage allows and blocks in the Tenant Allow/Block List - Microsoft Defender for Office 365
Learn about allow entries and block entries in the Tenant Allow/Block List in the Microsoft 365 Defender portal.
Allow or block IPv6 addresses using the Tenant Allow/Block List - Microsoft Defender for Office 365
Admins can learn how to allow or block IPv6 addresses in the Tenant Allow/Block List.