MS365 Block Lists & Email Quarantine Management

Email security is a critical part of an organization’s communication infrastructure, and Microsoft 365 gives administrators strong tools for managing email security, the email quarantine, and block lists. In this blog post we cover what quarantined email messages and block lists are, and we also look at the benefits of end-user allow and block lists.

What Does the Quarantine System in MS365 Do?

Microsoft Quarantine is a feature that protects all users in the organization from potentially harmful emails. Emails detected as suspicious or potentially dangerous are placed in quarantine. In other words, the message is held in quarantine instead of being delivered to the user’s mailbox, until an administrator or the user reviews it and acts on it.

Quarantined Email: Typically spam, phishing attacks, and malware emails. Emails that match a signature are held in quarantine for a period of time (decided by the O365 Administrator) until they are deleted automatically.

How to Retrieve Emails from the Quarantine? Step-by-step process

  1. Go to the Microsoft 365 Security & Compliance: https://compliance.microsoft.com
  2. Go to Email & collaboration >> Review >> Quarantine >> Email Tab:
  3. Review the quarantined emails and perform suitable action (release, deletion, mark false positive)

[Screenshots: How to Retrieve Emails from the Quarantine, steps 1 and 2]


What are the types of Quarantined Emails?


The kinds of messages most often quarantined are:

  • Spam: Emails with commercial advertising.
  • Phishing Attacks: Emails that appear to be from a legitimate organization or known individual, sent to get recipients to click on a link or provide sensitive information, such as passwords and credit card numbers.
  • Malware emails: Emails with malicious software designed to harm, disrupt, or take control of computers.

The Microsoft 365 Administrator can set how long emails matching security signatures are kept in Quarantine. These emails are automatically deleted after this period if no action is taken on them.
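The retrieval steps above and the retention setting can also be done from PowerShell with the ExchangeOnlineManagement module. The script below is an added example, not code from the original post; the admin account name is a placeholder, and it assumes the default anti-spam policy is named "Default" (the name Microsoft assigns to the built-in policy).

```powershell
# Added example (not from the original post): review and release quarantined mail
# with the ExchangeOnlineManagement module. The admin account is a placeholder.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder account

# 1. List inbound messages quarantined in the last 7 days, newest first
$since = (Get-Date).AddDays(-7)
$held = Get-QuarantineMessage -StartReceivedDate $since -Direction Inbound -PageSize 500 |
    Sort-Object ReceivedTime -Descending
$held | Select-Object ReceivedTime, SenderAddress, RecipientAddress, Subject, Type, Expires, Released |
    Format-Table -AutoSize

# 2. Before releasing anything, read the headers of a suspect message:
#    the authentication results and the anti-spam verdict are recorded there
$candidate = $held | Where-Object { $_.Type -eq 'Spam' -and -not $_.Released } | Select-Object -First 1
if ($candidate) {
    (Get-QuarantineMessageHeader -Identity $candidate.Identity).Header
}

# 3. Release a confirmed false positive to all original recipients and report it
#    to Microsoft so the filter learns. Malware and high-confidence phish verdicts
#    are deliberately excluded here; those need a separate investigation first.
if ($candidate -and $candidate.Type -notin @('Malware', 'HighConfPhish')) {
    Release-QuarantineMessage -Identity $candidate.Identity -ReleaseToAll -ReportFalsePositive
}

# 4. Retention: quarantined mail is purged after QuarantineRetentionPeriod days
#    (allowed range 1-30). Show the current value, then set the maximum so
#    reviewers have the full window before automatic deletion.
Get-HostedContentFilterPolicy -Identity Default | Select-Object Name, QuarantineRetentionPeriod
Set-HostedContentFilterPolicy -Identity Default -QuarantineRetentionPeriod 30

Disconnect-ExchangeOnline -Confirm:$false
```

Step 2 matters more than it looks: the quarantine list only shows sender, subject and verdict, while the headers show whether SPF, DKIM and DMARC passed, which is what you actually need before deciding that a "Spam" verdict was wrong.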

Block List Management: Whitelist and Block List

Block List Management: In Microsoft 365, block list management is about the domains, IP addresses and email addresses that must be prevented from sending email to the users in your organization. How to create a whitelist and block list, step by step:

  1. Sign in to the Microsoft 365 Security & Compliance Center : https://compliance.microsoft.com
  2. Navigate to Email & collaboration > Policies & Rules > Threat Policies > Anti Spam Policies:
  3. Select Block Domain Policies. Under Blocked Senders and Domains, add the email addresses or domains you want to block.

[Screenshot: Block List Management: Whitelist and Block List, step 1]
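The same blocked and allowed sender/domain entries live on the anti-spam (hosted content filter) policy and can be maintained from PowerShell. This is an added example, not code from the original post; the admin account, the domains and the addresses are placeholders, and it assumes the policy is the built-in one named "Default".

```powershell
# Added example (not from the original post): maintain the blocked/allowed sender
# and domain lists of the default anti-spam policy. All names below are placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder account

$policy       = 'Default'
$blockDomains = @('spammer.example', 'phish-lures.example')      # placeholders
$blockSenders = @('bulk@newsletter-mill.example')                # placeholder
$allowDomains = @('trusted-partner.example')                     # placeholder

# Record the current state before changing anything (useful for the change record)
Get-HostedContentFilterPolicy -Identity $policy |
    Select-Object Name, BlockedSenderDomains, BlockedSenders, AllowedSenderDomains, AllowedSenders

# Add entries; the @{Add=...} syntax appends instead of overwriting the existing list
Set-HostedContentFilterPolicy -Identity $policy `
    -BlockedSenderDomains @{Add = $blockDomains} `
    -BlockedSenders       @{Add = $blockSenders}

# Allowing a whole domain bypasses spam filtering for every sender in it, so keep
# this list short and review it regularly; prefer allowing individual senders
Set-HostedContentFilterPolicy -Identity $policy -AllowedSenderDomains @{Add = $allowDomains}

# Verify the change landed: compare the policy's list (stringified) with what we asked for
$after   = Get-HostedContentFilterPolicy -Identity $policy
$current = @($after.BlockedSenderDomains | ForEach-Object { $_.ToString() })
foreach ($d in $blockDomains) {
    if ($current -notcontains $d) { Write-Warning "Block entry missing from policy: $d" }
}

# Removing an entry when a block is no longer needed uses the same hashtable form:
# Set-HostedContentFilterPolicy -Identity $policy -BlockedSenderDomains @{Remove = 'spammer.example'}

Disconnect-ExchangeOnline -Confirm:$false
```

Capturing the "before" state and verifying the "after" state is the part that most often gets skipped when these lists are edited in the portal; keeping both in the script gives you an audit trail for the change.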

How to Allow a Sender in Quarantined Email Messages? Step-by-step process

Users can allow a sender in quarantined email messages, ensuring emails from trusted sources aren’t mistakenly quarantined. If a user wishes to allow an external email address or domain, they can request to allow this specific email from quarantine.

  1. Access Outlook: Open Outlook and go to Settings.
  2. Navigate to Junk Email: Find the Junk Email settings under Mail.
  3. Report as Not Junk: The user can select “Report as Not Junk” to permit future emails from the sender.

[Screenshot: Outlook Junk Email settings]

How to Allow or Block IP Addresses in Microsoft 365?

If you suspect malicious activity on a user account and need to investigate thoroughly, you need to control certain IP addresses and take control of email security at the data level in Microsoft 365. This not only helps prevent spam, phishing attacks, and other malicious activity by blocking harmful IPs, but also lets you allow known good ones.

Managing IP Addresses: Blocking and Allowing IP Addresses in Microsoft 365

  1. Sign in to the Microsoft 365 Security & Compliance Center: https://security.microsoft.com/antispam
  2. Open the Anti-spam inbound policy (Default), which Microsoft creates by default.
  3. Edit Policy: Choose the spam filter policy and then click on “Edit”.
  4. Blocked IP Addresses: Under “Connection filtering”, add the IP address to the “Blocked IP addresses” list so that emails from this IP address do not reach your organization’s users. This is the best way to stop mail from domains owned by known spammers and phishing attackers anywhere on the internet.
  5. Allowed IP Addresses: Under “Connection filtering”, list the IP address under the “Allowed IP addresses” section so that emails originating from this IP are not blocked by mistake (ideal for ensuring that trusted domains are not blocked by the spam filter).

[Screenshots: Managing IP Addresses, steps 1 and 2]
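The connection filter's IP allow and block lists can be managed from PowerShell as well. The script below is an added example and not code from the original post; the admin account and the IP ranges (taken from the reserved documentation ranges) are placeholders, and the `Test-ConnectionFilterEntry` helper is my own, written to enforce the documented limit that connection filtering accepts single IPv4 addresses or CIDR ranges from /24 to /32.

```powershell
# Added example (not from the original post): manage the IP allow and block lists
# of the default connection filter policy. Account and IP ranges are placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder account

# Helper (my own, not a Microsoft cmdlet): connection filtering accepts a single
# IPv4 address or a CIDR range between /24 and /32. Reject anything broader or
# malformed before it reaches the policy, where a typo could block or allow far
# more than intended.
function Test-ConnectionFilterEntry {
    param([string]$Entry)
    $ip, $prefix = $Entry -split '/', 2
    if (-not ($ip -as [System.Net.IPAddress])) { return $false }
    if (-not $prefix) { return $true }
    return ([int]$prefix -ge 24 -and [int]$prefix -le 32)
}

$blockIps = @('203.0.113.0/24', '198.51.100.77')   # placeholders (TEST-NET ranges)
$allowIps = @('192.0.2.10')                         # placeholder: a partner's known mail server

$bad = @($blockIps + $allowIps | Where-Object { -not (Test-ConnectionFilterEntry $_) })
if ($bad.Count -gt 0) { throw "Invalid entries for connection filtering: $($bad -join ', ')" }

# Record the current lists, then add entries without overwriting existing ones
Get-HostedConnectionFilterPolicy -Identity Default | Select-Object Name, IPAllowList, IPBlockList
Set-HostedConnectionFilterPolicy -Identity Default -IPBlockList @{Add = $blockIps}
Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList @{Add = $allowIps}

# Mail from allowed IPs skips spam filtering entirely, so confirm nothing
# unexpected is on the allow list after the change
$after = Get-HostedConnectionFilterPolicy -Identity Default
$after.IPAllowList | ForEach-Object { Write-Output "Allowed: $_" }

# To back out an entry later:
# Set-HostedConnectionFilterPolicy -Identity Default -IPBlockList @{Remove = '198.51.100.77'}

Disconnect-ExchangeOnline -Confirm:$false
```

The allow list deserves the most care: an entry there turns off spam filtering for every message arriving from that address, so each allowed IP should be one you can name (a partner's mail relay, a scanner that sends on your behalf) and should be reviewed when that relationship ends.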


This helps administrators keep the allowed and blocked IP addresses under control and gives the organization a safe and reliable email communication medium.

What Are the Benefits of End-User Allow and Block Lists?

Allow & Block Lists for End-Users: Benefits of Letting End-Users Manage Their Own

  • Reduced False Positives: When users control their own allow lists, the risk of a legitimate email being accidentally quarantined is markedly reduced. Users can add a sender to their whitelist in a few clicks, making their important communications less likely to be flagged.
  • Prevention of virus attacks: Microsoft 365 automatically sends an email to quarantine whenever it spots anything that looks like a virus. This pre-emptive action keeps malicious emails out of the user’s inbox and acts as an added layer of security.
  • User-Controlled Email Flow: Giving users the ability to control their own email flow reduces administrative overhead. Quarantined email issues are resolved faster by the end-user, without waiting for or needing admin assistance, which saves time.



MS365 Block Lists & Email Quarantine Management Summary


The Microsoft 365 security and compliance tools are very helpful for maintaining email security in the organization. The whole quarantine system isolates potentially harmful emails, while the block List system assists in preventing spam and phishing content. By authorizing users to manage their allow and block lists, organizations can improve their overall email security and reduce the workload on administrators.

The use of these tools ensures that our organization’s email communication remains secure and efficient.

Key Takeaways

  1. Improved Security: Suspect emails are isolated and lists of blocked elements are managed to keep many cyber threats away.
  2. Power to the User: Letting end-users change their email preferences leads to fewer false positives and lower admin overhead.
  3. Efficiency: Automated processes and user-controlled settings make the communication process more efficient and safer.

Incorporating these elements means that your company’s communication via email is private, productive, and professional. For organizations looking to keep a handle on their email security and maintain solid lines of communication, Microsoft 365 offers an almost all-encompassing solution, together with the measures needed to stay ahead of potential threats with Microsoft Threat Protection.

Improve your Office 365 Security Governance

Office 365 security governance is critical. Modern IT systems are at the heart of any organisation. They carry all your critical data, from client information, work-in-progress, procedures, payroll, sales leads, the list goes on.

The information stored within these systems is so valuable that any loss of data may spell the end of an organisation. Just as you protect your physical assets, your digital assets also need to be protected.

Unfortunately, with the move to the cloud, it is not uncommon to see that many of the traditional best-practice methods of risk reduction have not been adopted.

CatchBefore was built to help simplify the management of a number of key risk points for organisations. Our software provides a practical solution to address a number of the key security issues raised below.

Best Practice / Traditional IT Governance key-points

  1. Access Controls. Access controls provides a method of enforcing rules around which users can access what data or systems. Restricting access to the minimum required reduces risk.
  2. Privilege separation. Normal day-to-day activities should be undertaken as a regular user. Administrative functions should be undertaken on a separate, dedicated administrative accounts.
  3. Protect user accounts. Password quality and management is critical to make sure user accounts are not compromised.
  4. Monitor logs and systems for integrity. It is critical that access logs and systems are continuously monitored to ensure that a breach has not occurred, and that the security of your environment is preserved.
  5. Monitor system configuration. The system is never stagnant. It is a moving object, and continuously changing. Unfortunately it is very easy to make a configuration mistake which may negatively impact the security of your organisation.
  6. Backup your data. Human error, hardware failures, fires, power surges, software failures, malicious staff, external threat-actors. There are many ways in which your data could be lost. Having a complete and up to date backup system in place is critical for your risk management.
  7. Utilise anti-malware/anti-virus software. Actively seeking out malicious software helps reduce risk. The sooner that an attack can be prevented, the sooner the risk can be limited and managed.
  8. Monitor and manage server hardware health. Hardware does fail, and can have catastrophic consequences when it does. It is important to manage this risk by continuously monitoring server hardware, and keeping your server within its planned lifespan.
  9. Server patch-management. The battle for security is forever ongoing. Attackers find exploits, and vendors provide ‘patches’ to their software to close these exploits. It is critical that software on your server is kept up to date with the latest patches.

Changes since moving to the cloud

Let’s have a look at the list from the perspective of having your data in the cloud:

  1. Access Controls. This requirement still applies. In addition to having to worry about limiting access to those within your office, your data is now accessible globally.
  2. Privilege separation. The concept of privileged access has been adopted in the move to the cloud. The risk of escalation via administrative privileges applies to 365 tenancies as well.
  3. Protect user accounts. The exploitation of user accounts is as problematic as ever in the cloud. Attackers are busy trying to break in to accounts, and in many ways their efforts are helped by reducing the variances in software versions and platforms.
  4. Monitor logs for system integrity. Access logs are still generated, however they may not be retained for as long as you have been accustomed to with onsite servers. These logs still provide important information about access to your data.
  5. Monitor system configuration for faults. Many of the features with on-premise solutions are also available in the cloud. This means that the configuration options available are vast, and there is a need for regular monitoring for incorrect configuration that may lead to security vulnerabilities.
  6. Backup your data. 365 does have some data-versioning capacity. The system does have a grace period before deleting data. Best practice suggests that you have independent backup, with a much longer retention. This will help minimise the risk of data loss due to accidental deletion, malicious removal, or other system failure.
  7. Utilise anti-malware/anti-virus software. Although the server running security is no longer your responsibility, it is advisable to still ensure that your tenancy configuration settings are high, and that any devices that connect to your tenancy are secure (fully patched, and running security software).
  8. Monitor and manage server hardware health. If you are no longer using an on-premises server, then you do not have to worry about this.
  9. Server patch-management. If you are no longer using an on-premises server, then you do not have to worry about this. We should note that it is still important to ensure that other devices that connect to your 365 tenancy are up to date with their patching.

Most of the IT security governance requirements still exist, even with the move to the cloud. We strongly suggest that all organisations take serious steps to minimise the risks associated with the management of their data.