Skip to Content

MC415186: Microsoft Defender for Office 365: Enforce Authentication to Pass on AntiSpam Allowed Domains

We are strengthening Spoofing protection within Exchange online protection and Microsoft Defender for Office 365 Anti-Spam security policy. It will provide a way to secure your organization against spoofing attacks that may otherwise occur by allowing certain domains and senders. This message is associated with Microsoft 365 Roadmap ID 93436.

Currently, EOP and MDO tenant administrators can specify domains and senders to be allowed using Anti-Spam policy. However, these domains and senders can be easily spoofed by attackers. We are making changes to improve the security of sender and domain allows defined in the Antispam policy and within user allow lists so that they require the domain or sender to pass authentication in order for the allow to be honored. The change only impacts messages that are considered to be internal, that is, the sender or domain is defined as an accepted domain in your organization. All other messages are handled as they are today.

MC415186: Microsoft Defender for Office 365:Enforce Authentication to Pass on AntiSpam Allowed Domains

Applies to:

When this will happen

Standard: Rollout will begin in late September and will be completed by late November.

GCC/GCC-H/DoD: Rollout will begin in late November and be completed by late December.

How this will affect your organization

Security Admins and SecOps teams today can specify allowed domains and allowed senders within the Anti-Spam policy. We recommend never adding your own accepted domains or commonly trusted domains to the allowed domains list. Moving forward, when you specify internal tenant owned/accepted domains and senders to this list, DMARC authentication check will be enforced on these domains or senders and they will be allowed by the system only if authentication passes on these domains/senders. Otherwise, despite being specified, allowing messaging from these domains will not be honored.

In this way, our system will work to protect your organization against Spoofing attacks. In case you want to allow legitimate ‘Spoofing’ from these domains and senders, you will be able to continue adding them to Tenant allow block list – Spoofing (as you can do so today).

Note: This will impact any messages that are received from outside your organization, where the sender’s domain is part of your organization accepted domain list and fails authentication.

What you need to do to prepare

To prepare for this change it is recommended that you review the spoof intelligence report and ensure that any intra-org messages where the sender/sending domain is part of your accepted domain pass authentication as expected. Note you do not need to update items where authentication fails and that failure is expected. Review your existing Anti-Spam policies within threat policies and consider updating the list of Allowed domains / Allowed senders to allow whom you trust. We recommend updating your necessary training documents accordingly.

Learn More

Message ID: MC415186
Published: 18 August 2022
Updated: 18 August 2022
Platform: Online, US Instances, Web, World tenant

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.