The Blocked Lists for Exchange Online specify the blocked senders, URLs, SHA-1 hash
values, and SHA-256 hash values for your organization through the Threat Remediation
API. Email messages that match any item in the lists will be automatically
quarantined by Cloud Email and Collaboration
Protection.
After the blocked lists are configured, a message Blocked Lists for
Exchange Online enabled displays on the Advanced Threat
Protection screen for Exchange Online policies. The blocked lists
apply to all targets in the enabled Exchange Online policies and take precedence
over the configurations in these policies.
Procedure
- Generate an authentication token to use the Threat Remediation API.For more information about how to manage the token, see Generating an Authentication Token.
- Add, remove or view blocked senders, URLs, SHA-1 hash values, and SHA-256 hash
values through the Threat Remediation API.For more information about how to use this API, see Supported Cloud Email and Collaboration Protection Automation APIs.
- View the blocked lists.
- In Cloud Email and Collaboration Protection, go to , click Exchange Online, and locate the Blocked Lists section.
- Optionally enable or disable the blocked lists.
- View the items specified in each blocked list:
-
Blocked Senders: email address that an email message is sent from
-
Blocked URLs: URL that is included in an email message
-
Blocked SHA-1 Values: SHA-1 hash value of an email attachment
-
Blocked SHA-256 Values: SHA-256 hash value of an email attachment
Note
In this release, you can only view the blocked lists on the management console. To add or remove a blocked item, use the Threat Remediation API. -
- Optionally click Export to export the blocked lists to a CSV file.
- Click OK.