Remove-TenantAllowBlockListItems

This cmdlet is available only in the cloud-based service.

Use the Remove-TenantAllowBlockListItems cmdlet to remove entries from the Tenant Allow/Block List in the Microsoft Defender portal.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Remove-TenantAllowBlockListItems
      -Entries <String[]>
      -ListType <ListType>
      [-ListSubType <ListSubType>]
      [-OutputJson]
      [<CommonParameters>]
Remove-TenantAllowBlockListItems
      -Ids <String[]>
      -ListType <ListType>
      [-ListSubType <ListSubType>]
      [-OutputJson]
      [<CommonParameters>]

Description

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.

Examples

Example 1

Remove-TenantAllowBlockListItems -ListType Url -Ids "RgAAAAAI8gSyI_NmQqzeh-HXJBywBwCqfQNJY8hBTbdlKFkv6BcUAAAl_QCZAACqfQNJY8hBTbdlKFkv6BcUAAAl_oSPAAAA0l"

This example removes the specified URL entry from the Tenant Allow/Block List.

Example 2

Remove-TenantAllowBlockListItems -ListType Url -ListSubType AdvancedDelivery -Entries *.fabrikam.com

This example removes the URL allow entry for the specified third-party phishing simulation URL. For more information, see Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes.

Parameters

-Entries

The Entries parameter specifies the entries that you want to remove based on the ListType parameter value. Valid values are:

  • FileHash: The exact SHA256 file hash value.
  • Sender domains and email addresses: The exact domain or email address value.
  • Url: The exact URL value.

This value is shown in the Value property of the entry in the output of the Get-TenantAllowBlockListItems cmdlet.

You can't mix value types (file, sender, or URL) or allow and block actions in the same command.

You can't use this parameter with the Ids parameter.

Type:String[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Security & Compliance, Exchange Online Protection

-Ids

The Ids parameter specifies the entries that you want to remove. This value is shown in the Identity property in the output of the Get-TenantAllowBlockListItems cmdlet.

An example value for this parameter is RgAAAAAI8gSyI_NmQqzeh-HXJBywBwCqfQNJY8hBTbdlKFkv6BcUAAAl_QCZAACqfQNJY8hBTbdlKFkv6BcUAAAl_oSPAAAA0.

You can't use this parameter with the Entries parameter.

Type:String[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Security & Compliance, Exchange Online Protection

-ListSubType

The ListSubType specifies further specifies the type of entry that you want to remove. Valid values are:

  • AdvancedDelivery: Use this value for phishing simulation URLs.
  • Tenant: This is the default value.
Type:ListSubType
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Security & Compliance, Exchange Online Protection

-ListType

The ListType parameter specifies the type of entry that you want to remove. Valid values are:

  • FileHash
  • Sender
  • Url
Type:ListType
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Security & Compliance, Exchange Online Protection

-OutputJson

The OutputJson switch specifies whether to return all entries in a single JSON value. You don't need to specify a value with this switch.

You use this switch to prevent the command from halting on the first entry that contains a syntax error.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Security & Compliance, Exchange Online Protection