Allow Or Block Email In Microsoft Defender

Defender Portal

In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Policies & rules > Threat Policies > Rules section > Tenant Allow/Block Lists. Or, to go directly to the Tenant Allow/Block List page, use https://security.microsoft.com/tenantAllowBlockList. On the Tenant Allow/Block List page, verify that the Domains & addresses tab is selected. On the Domains & addresses tab, click Block icon. Block. In the Block domains & addresses flyout that appears, configure the following settings: Domains & addresses: Enter one email address or domain per line, up to a maximum of 20. Remove block entry after: The default value is 30 days, but you can select from the following values: 1 day 7 days 30 days Never expire Specific date: The maximum value is 90 days from today. Optional note: Enter descriptive text for the entries. When you're finished, click Add.

Powershell

In Exchange Online PowerShell, use the following syntax: New-TenantAllowBlockListItems -ListType Sender -Block -Entries "DomainOrEmailAddress1","DomainOrEmailAddress1",..."DomainOrEmailAddressN" <-ExpirationDate Date | -NoExpiration> [-Notes ]
This example adds a block entry for the specified email address that expires on a specific date.
New-TenantAllowBlockListItems -ListType Sender -Block -Entries "test@badattackerdomain.com","test2@anotherattackerdomain.com" -ExpirationDate 8/20/2022