Viewing Blocked Lists for Exchange Online

The Blocked Lists for Exchange Online specify the blocked senders, URLs, and SHA-1 hash values for your organization through the Threat Remediation API. Email messages that match any item in the lists will be automatically quarantined by Cloud App Security.

After the blocked lists are configured, a message Blocked Lists for Exchange Online enabled displays on the Advanced Threat Protection screen for Exchange Online policies. The blocked lists apply to all targets in the enabled Exchange Online policies and take precedence over the configurations in these policies.

  1. Generate an authentication token to use the Threat Remediation API.

    For more information about how to manage the token, see Generating an Authentication Token.

  2. Add, remove or view blocked senders, URLs, and SHA-1 hash values through the Threat Remediation API.

    For more information about how to use this API, see Supported Cloud App Security Automation APIs.

  3. View the blocked lists.
    1. Go to Administration > Global Settings > Blocked Lists for Exchange Online.
    2. View the items specified in each blocked list:
      • Blocked Senders: email address that an email message is sent from

      • Blocked URLs: URL that is included in an email message

      • Blocked SHA-1 Values: SHA-1 hash value of an email attachment

      Note:

      In this release, you can only view the blocked lists on the management console. To add or remove a blocked item, use the Threat Remediation API.

    3. Optionally click Export to export the blocked lists to a CSV file.
    4. Click OK.