With this change we’re giving admins the ability to allow senders for a specified period of time, right from the quarantine workflow. When releasing emails to end users, admins can now opt to remember this decision by creating an entry in the tenant allow/block list that corresponds to the indicator of compromise aligned with the message in question. Admins can now choose to allow or prevent users from submitting messages to Microsoft for analysis.
|Product||Microsoft Defender for Office 365|
|Release phase||General Availability|
|Release date||October CY2021|
|Cloud Instance||GCC, DoD, Worldwide (Standard Multi-Tenant), GCC High|
|Created||11 August 2021|
|Updated||02 October 2021|