Security update coming your way! According to Microsoft, beginning February 13th, 2023, the Safe Links Block List will no longer be enforced. Entries on this list will no longer be considered unsafe and blocked at the time of click, as all Safe Links Block List entries should be migrated to the Tenant Allow/Block List. This is a major shift in security strategy, which gives more granular control over which links are allowed, rather than just blocking known bad links in the organization. Don’t miss this crucial deadline, as the Safe Links Block List will be retired by the end of March 2023. Stay ahead of the change before it’s too late!
According to the recent update, Microsoft has paused the automatic migration of entries from the Safe Links Block List to the Tenant Allow/Block List. It is now the responsibility of admins to individually review and take the necessary actions for any entries that were not successfully migrated to the Tenant Allow/Block List (TABL) during the automated process. Admins have to complete the migration manually before the end of January 2023; after that, the Global Safe Links Block List will no longer be in use!
Be aware that any entry migrated from the Safe Links Block List to the Tenant Allow/Block List will adopt the behavior of TABL. This means that any message with the blocked URL will be moved to Quarantine!
To migrate the Safe Links Block List to the Tenant Allow/Block List, you can use the Microsoft 365 Defender Portal as well as the PowerShell module.
The Tenant Allow/Block List is used to filter incoming messages from external sources during email delivery and does not affect internal communication. Note that a new entry becomes active within 30 minutes of being created. In rare cases, it may take up to 24 hours to become active. Let’s check out how you can allow/block URL entries by different methods.
Managing Block URL Entries via Defender Portal:
Admins can follow the steps below to create a tenant block URL entry in the Defender portal.
- In the Tenant Allow/Block List page, you can add the URLs you want to block access for everyone in the organization.
- By default, the blocked entry will be removed after 30 days. You can extend it up to 90 days or set it not to expire.
- After entering a Note (optional), click Add.
- URL syntax should follow forms such as threatalert.com, xyz.domain.threatalert.com, threatalert.com/a, xyz.domain.threatalert.com/a/b/c, etc. Here, a/b/c refers to the wildcards.
You can also use the Submissions portal in Microsoft Defender to submit URLs to be blocked.
Managing Block URL Entries via PowerShell:
To add a URL block entry, run the following cmdlet after connecting to Exchange Online PowerShell.
New-TenantAllowBlockListItems -ListType Url -Block -Entries givemeyourpassword.com -ExpirationDate 01/30/2023
Organizations should take the following actions to prepare for migrating the Safe Links Block List to the Tenant Allow/Block List:
- Manually transfer the URLs before Microsoft makes its attempt: Admins should manually migrate the entries from the Safe Links Block List to the Tenant Allow/Block List. In June 2023, Microsoft will attempt to migrate the unsuccessfully migrated entries on the organization’s behalf and notify the organizations once the first migration has been completed.
- Check for successfully migrated entries: After getting notified, organizations should ensure that all entries on their Safe Links Block Lists have been migrated successfully to the Tenant Allow/Block List.
- Resolve any issues with unsuccessful migration: Any entries that could not be migrated will be marked with an unsuccessful migration status, and organizations will be able to resolve that entry and run the migration again from mid-June through December.
- Purge unwanted migrated entries from BlockURLS to prevent errors: When admins want to delete a migrated entry from TABL, it is also important to remove it from Safe Links BlockURLS in order to prevent any migration errors. Otherwise, the entry will be migrated again.
- Effectively manage URLs using the Tenant Allow/Block List: Safe Links offers access control to URLs and links only within emails. But with the Tenant Allow/Block List, admins can control access to various services like SharePoint, Teams, etc., and features. This allows admins to have a finer level of control over sensitive data, ensuring that only authorized users have access.
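The manual transfer and the follow-up check from the list above can be scripted. The following is an added example, not Microsoft's or this blog's own code: it assumes an active Exchange Online PowerShell session, that the legacy list is still readable from the BlockUrls property returned by Get-AtpPolicyForO365, and a hypothetical report path.

```powershell
# Added example: copy legacy Safe Links BlockUrls entries into the Tenant Allow/Block List.
# Assumes Connect-ExchangeOnline has already been run with sufficient rights.
# Run with -WhatIf first to see what would be added without changing anything.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical report location; change as needed.
    [string]$ReportPath = '.\SafeLinksMigrationReport.csv'
)

# Legacy entries: BlockUrls on the Safe Links global policy (assumed still readable).
$legacy = @((Get-AtpPolicyForO365).BlockUrls) | Where-Object { $_ } |
    ForEach-Object { $_.Trim() } | Sort-Object -Unique

# URL block entries already present in TABL, compared case-insensitively.
$existing = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
Get-TenantAllowBlockListItems -ListType Url -Block |
    ForEach-Object { [void]$existing.Add($_.Value) }

$report = @(foreach ($url in $legacy) {
    $status = 'AlreadyInTABL'; $detail = ''
    if (-not $existing.Contains($url)) {
        if ($PSCmdlet.ShouldProcess($url, 'Add TABL URL block entry')) {
            try {
                New-TenantAllowBlockListItems -ListType Url -Block -Entries $url `
                    -NoExpiration -Notes 'Migrated from Safe Links BlockUrls' `
                    -ErrorAction Stop | Out-Null
                $status = 'Migrated'
            } catch {
                # Keep the error text so the entry can be reviewed and fixed by hand.
                $status = 'Failed'; $detail = $_.Exception.Message
            }
        } else {
            $status = 'WouldMigrate'
        }
    }
    [pscustomobject]@{ Url = $url; Status = $status; Detail = $detail }
})

# Always write the report, even under -WhatIf.
$report | Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false
$report | Group-Object Status | Select-Object Name, Count
```

Entries reported as Failed are the ones to resolve manually. Replace -NoExpiration with -ExpirationDate if the blocks should age out.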
I hope this blog provides detailed info on Microsoft’s upcoming update with checklists regarding the retirement of the Safe Links Block List and its replacement, and steps to create Tenant Allow/Block URL entries. Feel free to shoot your queries for further assistance.