A new tool has been released to help administrators troubleshoot issues with safe and blocked sender lists in Microsoft 365. This tool allows users to independently resolve issues without needing to contact support.
Users can manage their safe/blocked sender lists at the mailbox level, which includes the Safe Senders list, Safe Recipients list, and Blocked Senders list. The safelist entries are hashed before being stored in user object attributes, and when a message is received, Exchange compares the sender’s email address to the hash values to determine if the message should be allowed or blocked.
Admins can configure the safelist collection using PowerShell cmdlets, and the new Mailbox Safe/Block List diagnostic tool provides detailed information on whether a sender’s SMTP address is listed in the trusted or blocked senders list. This tool also verifies the accuracy and presence of these values in Microsoft Entra ID and initiates a sync if any discrepancies are found.
The diagnostic tool can confirm if a sender is allowed or blocked and provide insights on configuration issues preventing a sync. It is important to note that the tool will only sync block list domains to Microsoft Entra ID, as syncing allowed domains may lead to the delivery of harmful or unwanted messages.
To run the diagnostic, administrators can use
