From db448784c098c7ab7c1e9fe68775017b64ff64be Mon Sep 17 00:00:00 2001 From: Dhairyya Agarwal <12413099+dhairyya@users.noreply.github.com> Date: Fri, 20 Sep 2024 14:35:41 -0700 Subject: [PATCH 1/3] IP address support in TABL Added documentation to add support for IP address in Tenant Allow Block List cmdlet --- .../exchange/Get-TenantAllowBlockListItems.md | 2 ++ .../exchange/New-TenantAllowBlockListItems.md | 12 +++++++++--- .../exchange/Remove-TenantAllowBlockListItems.md | 4 +++- .../exchange/Set-TenantAllowBlockListItems.md | 8 +++++--- 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/exchange/exchange-ps/exchange/Get-TenantAllowBlockListItems.md b/exchange/exchange-ps/exchange/Get-TenantAllowBlockListItems.md index cd4836ff15..de223d7042 100644 --- a/exchange/exchange-ps/exchange/Get-TenantAllowBlockListItems.md +++ b/exchange/exchange-ps/exchange/Get-TenantAllowBlockListItems.md @@ -76,6 +76,7 @@ The ListType parameter specifies the list to view. Valid values are: - FileHash - Sender - Url +- IP ```yaml Type: ListType @@ -96,6 +97,7 @@ The Entry parameter filters the results based on the ListType parameter value. V - FileHash: The exact SHA256 file hash value. - Sender: The exact domain or email address value. - Url: The exact URL value. +- IP: There is only support for IPv6 addresses only. You can add single IPv6 address in the form of Colon-Hexadecimal or Zero-compression Notation. CIDR IPv6 is supported (range from 1-128 is supported) This value is shown in the Value property of the entry in the output of the Get-TenantAllowBlockListItems cmdlet. diff --git a/exchange/exchange-ps/exchange/New-TenantAllowBlockListItems.md b/exchange/exchange-ps/exchange/New-TenantAllowBlockListItems.md index 88eae729be..295e9fb5f5 100644 --- a/exchange/exchange-ps/exchange/New-TenantAllowBlockListItems.md +++ b/exchange/exchange-ps/exchange/New-TenantAllowBlockListItems.md 
@@ -82,16 +82,20 @@ The Entries parameter specifies the values that you want to add to the Tenant Al - FileHash: Use the SHA256 hash value of the file. In Windows, you can find the SHA256 hash value by running the following command in a Command Prompt: `certutil.exe -hashfile "\" SHA256`. An example value is `768a813668695ef2483b2bde7cf5d1b2db0423a0d3e63e498f3ab6f2eb13ea3`. - Sender: A domain or email address value. For example, `contoso.com` or `michelle@contoso.com`. - URL: Use IPv4 or IPv6 addresses or hostnames. Wildcards (* and ~) are supported in hostnames. Protocols, TCP/UDP ports, or user credentials are not supported. For details, see [URL syntax for the Tenant Allow/Block List](https://learn.microsoft.com/defender-office-365/tenant-allow-block-list-urls-configure#url-syntax-for-the-tenant-allowblock-list). +- IP: There is only support for IPv6 addresses only. You can add single IPv6 address in the form of Colon-Hexadecimal or Zero-compression Notation. CIDR IPv6 is supported (range from 1-128 is supported) To enter multiple values, use the following syntax: `"Value1","Value2",..."ValueN"`. -For senders, files, and URLs the maximum number of allow entries for each type is 500, and the maximum number of block entries for each type is 500 (1000 entries total for each type). +- Entry limits: + - **Exchange Online Protection**: The maximum number of allow entries is 500, and the maximum number of block entries is 500 for each list subtype (sender, URL, file or IP address). + - **Defender for Office 365 Plan 1**: The maximum number of allow entries is 1000, and the maximum number of block entries is 1000 for each list subtype (sender, URL, file or IP address). + - **Defender for Office 365 Plan 2**: The maximum number of allow entries is 5000, and the maximum number of block entries is 10000 for each list subtype (sender, URL, file or IP address). The maximum number of characters in a file entry is 64 and the maximum number of characters in a URL entry is 250. 
-You can't mix value types (file, sender, or URL) or allow and block actions in the same command. +You can't mix value types (file, sender, IP address or URL) or allow and block actions in the same command. -In most cases, you can't modify the URL, file, or sender values after you create the entry. The only exception is allow URL entries for phishing simulations (ListType = URL, ListSubType = AdvancedDelivery). +In most cases, you can't modify the IP address, URL, file, or sender values after you create the entry. The only exception is allow URL entries for phishing simulations (ListType = URL, ListSubType = AdvancedDelivery). ```yaml Type: String[] @@ -135,6 +139,7 @@ The ListType parameter specifies the type of entry to add. Valid values are: - FileHash - Sender - Url +- IP ```yaml Type: ListType @@ -156,6 +161,7 @@ This switch is available to use in the following scenarios: - With the Block switch. - With the Allow switch where the ListType parameter value is URL and the ListSubType parameter value is AdvancedDelivery. +- With the Allow switch where the ListType parameter value is IP. You can't use this switch with the ExpirationDate or RemoveAfter parameter. diff --git a/exchange/exchange-ps/exchange/Remove-TenantAllowBlockListItems.md b/exchange/exchange-ps/exchange/Remove-TenantAllowBlockListItems.md index 7a0be94630..fef0124435 100644 --- a/exchange/exchange-ps/exchange/Remove-TenantAllowBlockListItems.md +++ b/exchange/exchange-ps/exchange/Remove-TenantAllowBlockListItems.md 
@@ -63,10 +63,11 @@ The Entries parameter specifies the entries that you want to remove based on the - FileHash: The exact SHA256 file hash value. - Sender domains and email addresses: The exact domain or email address value. - Url: The exact URL value. +- IP: There is only support for IPv6 addresses only. You can add single IPv6 address in the form of Colon-Hexadecimal or Zero-compression Notation. CIDR IPv6 is supported (range from 1-128 is supported) This value is shown in the Value property of the entry in the output of the Get-TenantAllowBlockListItems cmdlet. -You can't mix value types (file, sender, or URL) or allow and block actions in the same command. +You can't mix value types (IP address, file, sender, or URL) or allow and block actions in the same command. You can't use this parameter with the Ids parameter. @@ -109,6 +110,7 @@ The ListType parameter specifies the type of entry that you want to remove. Vali - FileHash - Sender - Url +- IP ```yaml Type: ListType diff --git a/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md b/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md index f8ec9b0b4d..2cd73a1f66 100644 --- a/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md +++ b/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md 
@@ -49,7 +49,7 @@ Set-TenantAllowBlockListItems -Entries -ListType ``` ## DESCRIPTION -In most cases, you can't modify the URL, file, or sender values of an existing entry. The only exception is allow URL entries for phishing simulations (Action = Allow, ListType = URL, and ListSubType = AdvancedDelivery). For more information about allowing URLs for phishing simulations, see [Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes](https://learn.microsoft.com/defender-office-365/advanced-delivery-policy-configure). +In most cases, you can't modify the IP address, URL, file, or sender values of an existing entry. The only exception is allow URL entries for phishing simulations (Action = Allow, ListType = URL, and ListSubType = AdvancedDelivery). For more information about allowing URLs for phishing simulations, see [Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes](https://learn.microsoft.com/defender-office-365/advanced-delivery-policy-configure). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://learn.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). 
@@ -77,10 +77,11 @@ The Entries parameter specifies the entries that you want to modify based on the - FileHash: The exact SHA256 file hash value. - Sender domains and email addresses: The exact domain or email address value. - Url: The exact URL value. +- IP: There is only support for IPv6 addresses only. You can add single IPv6 address in the form of Colon-Hexadecimal or Zero-compression Notation. CIDR IPv6 is supported (range from 1-128 is supported) This value is shown in the Value property of the entry in the output of the Get-TenantAllowBlockListItems cmdlet. -You can't mix value types (file, sender, or URL) or allow and block actions in the same command. +You can't mix value types (IP address, file, sender, or URL) or allow and block actions in the same command. You can't use this parameter with the Ids parameter. @@ -122,6 +123,7 @@ The ListType parameter specifies the type of entry that you want to modify. Vali - FileHash - Sender - Url +- IP Use the Entries or Ids parameter with this parameter to identify the entry itself. @@ -141,7 +143,7 @@ Accept wildcard characters: False ### -NoExpiration The NoExpiration switch specifies that the entry should never expire. You don't need to specify a value with this switch. -This switch is available to use with block entries or with url allow entries where the ListSubType parameter value is AdvancedDelivery. +This switch is available to use with block entries or with url allow entries where the ListSubType parameter value is AdvancedDelivery or with IP address allow entries. You can't use this switch with the ExpirationDate parameter. From f405ea38953f79286bdd1d7f01e7da54ba3e1ed0 Mon Sep 17 00:00:00 2001 
From: Chris Davis Date: Fri, 20 Sep 2024 15:36:58 -0700 Subject: [PATCH 2/3] IP TABL edits --- .../exchange/Get-TenantAllowBlockListItems.md | 2 +- .../exchange/New-TenantAllowBlockListItems.md | 21 ++++++++++++------- .../Remove-TenantAllowBlockListItems.md | 4 ++-- .../exchange/Set-TenantAllowBlockListItems.md | 4 ++-- 4 files changed, 19 insertions(+), 12 deletions(-) diff --git a/exchange/exchange-ps/exchange/Get-TenantAllowBlockListItems.md b/exchange/exchange-ps/exchange/Get-TenantAllowBlockListItems.md index de223d7042..f2a8862ef7 100644 --- a/exchange/exchange-ps/exchange/Get-TenantAllowBlockListItems.md +++ b/exchange/exchange-ps/exchange/Get-TenantAllowBlockListItems.md @@ -97,7 +97,7 @@ The Entry parameter filters the results based on the ListType parameter value. V - FileHash: The exact SHA256 file hash value. - Sender: The exact domain or email address value. - Url: The exact URL value. -- IP: There is only support for IPv6 addresses only. You can add single IPv6 address in the form of Colon-Hexadecimal or Zero-compression Notation. CIDR IPv6 is supported (range from 1-128 is supported) +- IP: IPv6 addresses only. Single IPv6 addresses in colon-hexadecimal or zero-compression format or CIDR IPv6 ranges from 1 to 128. This value is shown in the Value property of the entry in the output of the Get-TenantAllowBlockListItems cmdlet. diff --git a/exchange/exchange-ps/exchange/New-TenantAllowBlockListItems.md b/exchange/exchange-ps/exchange/New-TenantAllowBlockListItems.md index 295e9fb5f5..43faa323d0 100644 --- a/exchange/exchange-ps/exchange/New-TenantAllowBlockListItems.md +++ b/exchange/exchange-ps/exchange/New-TenantAllowBlockListItems.md 
@@ -82,20 +82,27 @@ The Entries parameter specifies the values that you want to add to the Tenant Al - FileHash: Use the SHA256 hash value of the file. In Windows, you can find the SHA256 hash value by running the following command in a Command Prompt: `certutil.exe -hashfile "\" SHA256`. An example value is `768a813668695ef2483b2bde7cf5d1b2db0423a0d3e63e498f3ab6f2eb13ea3`. - Sender: A domain or email address value. For example, `contoso.com` or `michelle@contoso.com`. - URL: Use IPv4 or IPv6 addresses or hostnames. Wildcards (* and ~) are supported in hostnames. Protocols, TCP/UDP ports, or user credentials are not supported. For details, see [URL syntax for the Tenant Allow/Block List](https://learn.microsoft.com/defender-office-365/tenant-allow-block-list-urls-configure#url-syntax-for-the-tenant-allowblock-list). -- IP: There is only support for IPv6 addresses only. You can add single IPv6 address in the form of Colon-Hexadecimal or Zero-compression Notation. CIDR IPv6 is supported (range from 1-128 is supported) +- IP: IPv6 addresses only: + + • Single IPv6 addresses in colon-hexadecimal format (for example, 2001:0db8:85a3:0000:0000:8a2e:0370:7334). + + • Single IPv6 addresses in zero-compression format (for example, 2001:db8::1 for 2001:0db8:0000:0000:0000:0000:0000:0001). + + • CIDR IPv6 ranges from 1 to 128 (for example, 2001:0db8::/32). To enter multiple values, use the following syntax: `"Value1","Value2",..."ValueN"`. -- Entry limits: - - **Exchange Online Protection**: The maximum number of allow entries is 500, and the maximum number of block entries is 500 for each list subtype (sender, URL, file or IP address). - - **Defender for Office 365 Plan 1**: The maximum number of allow entries is 1000, and the maximum number of block entries is 1000 for each list subtype (sender, URL, file or IP address). 
- - **Defender for Office 365 Plan 2**: The maximum number of allow entries is 5000, and the maximum number of block entries is 10000 for each list subtype (sender, URL, file or IP address). +Entry limits for each list subtype (sender, URL, file, or IP address): + +- **Exchange Online Protection**: The maximum number of allow entries is 500, and the maximum number of block entries is 500. +- **Defender for Office 365 Plan 1**: The maximum number of allow entries is 1000, and the maximum number of block entries is 1000. +- **Defender for Office 365 Plan 2**: The maximum number of allow entries is 5000, and the maximum number of block entries is 10000. The maximum number of characters in a file entry is 64 and the maximum number of characters in a URL entry is 250. -You can't mix value types (file, sender, IP address or URL) or allow and block actions in the same command. +You can't mix value types (sender, URL, file, or IP address) or allow and block actions in the same command. -In most cases, you can't modify the IP address, URL, file, or sender values after you create the entry. The only exception is allow URL entries for phishing simulations (ListType = URL, ListSubType = AdvancedDelivery). +In most cases, you can't modify the sender, URL, file, or IP address values after you create the entry. The only exception is URL allow entries for phishing simulations (ListType = URL, ListSubType = AdvancedDelivery). ```yaml Type: String[] diff --git a/exchange/exchange-ps/exchange/Remove-TenantAllowBlockListItems.md b/exchange/exchange-ps/exchange/Remove-TenantAllowBlockListItems.md index fef0124435..131df513a6 100644 --- a/exchange/exchange-ps/exchange/Remove-TenantAllowBlockListItems.md +++ b/exchange/exchange-ps/exchange/Remove-TenantAllowBlockListItems.md 
@@ -63,11 +63,11 @@ The Entries parameter specifies the entries that you want to remove based on the - FileHash: The exact SHA256 file hash value. - Sender domains and email addresses: The exact domain or email address value. - Url: The exact URL value. -- IP: There is only support for IPv6 addresses only. You can add single IPv6 address in the form of Colon-Hexadecimal or Zero-compression Notation. CIDR IPv6 is supported (range from 1-128 is supported) +- IP: IPv6 addresses only. Single IPv6 addresses in colon-hexadecimal or zero-compression format or CIDR IPv6 ranges from 1 to 128. This value is shown in the Value property of the entry in the output of the Get-TenantAllowBlockListItems cmdlet. -You can't mix value types (IP address, file, sender, or URL) or allow and block actions in the same command. +You can't mix value types (sender, URL, file, or IP address) or allow and block actions in the same command. You can't use this parameter with the Ids parameter. diff --git a/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md b/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md index 2cd73a1f66..f37d344c49 100644 --- a/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md +++ b/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md 
@@ -49,7 +49,7 @@ Set-TenantAllowBlockListItems -Entries -ListType ``` ## DESCRIPTION -In most cases, you can't modify the IP address, URL, file, or sender values of an existing entry. The only exception is allow URL entries for phishing simulations (Action = Allow, ListType = URL, and ListSubType = AdvancedDelivery). For more information about allowing URLs for phishing simulations, see [Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes](https://learn.microsoft.com/defender-office-365/advanced-delivery-policy-configure). +In most cases, you can't modify the sender, URL, file, or IP address values after you create the entry. The only exception is URL allow entries for phishing simulations (ListType = URL, ListSubType = AdvancedDelivery). For more information about allowing URLs for phishing simulations, see [Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes](https://learn.microsoft.com/defender-office-365/advanced-delivery-policy-configure). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://learn.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). 
@@ -77,7 +77,7 @@ The Entries parameter specifies the entries that you want to modify based on the - FileHash: The exact SHA256 file hash value. - Sender domains and email addresses: The exact domain or email address value. - Url: The exact URL value. -- IP: There is only support for IPv6 addresses only. You can add single IPv6 address in the form of Colon-Hexadecimal or Zero-compression Notation. CIDR IPv6 is supported (range from 1-128 is supported) +- IP: IPv6 addresses only. Single IPv6 addresses in colon-hexadecimal or zero-compression format or CIDR IPv6 ranges from 1 to 128. This value is shown in the Value property of the entry in the output of the Get-TenantAllowBlockListItems cmdlet. From 9681c1a742168017fefcca96282e57af99c52e7e Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Fri, 20 Sep 2024 15:42:44 -0700 Subject: [PATCH 3/3] Update Set-TenantAllowBlockListItems.md --- .../exchange-ps/exchange/Set-TenantAllowBlockListItems.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md b/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md index f37d344c49..843a7d4d31 100644 --- a/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md +++ b/exchange/exchange-ps/exchange/Set-TenantAllowBlockListItems.md @@ -81,7 +81,7 @@ The Entries parameter specifies the entries that you want to modify based on the This value is shown in the Value property of the entry in the output of the Get-TenantAllowBlockListItems cmdlet. -You can't mix value types (IP address, file, sender, or URL) or allow and block actions in the same command. +You can't mix value types (sender, URL, file, or IP address) or allow and block actions in the same command. You can't use this parameter with the Ids parameter. 
@@ -143,7 +143,11 @@ Accept wildcard characters: False ### -NoExpiration The NoExpiration switch specifies that the entry should never expire. You don't need to specify a value with this switch. -This switch is available to use with block entries or with url allow entries where the ListSubType parameter value is AdvancedDelivery or with IP address allow entries. +This switch is available to use with the following types of entries: + +- Block entries. +- URL allow entries where the ListSubType parameter value is AdvancedDelivery. +- IP address allow entries. You can't use this switch with the ExpirationDate parameter.
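
Review bot: Missing limit for IP entries in the Entries section of New-TenantAllowBlockListItems.md (PATCH 1/3, hunk at -82,16). The context sentence "The maximum number of characters in a file entry is 64 and the maximum number of characters in a URL entry is 250." is left as is, although the entry-limit list next to it was extended to cover IP addresses. Add the corresponding limit for an IP entry, or say that none applies.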
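
Review bot: "CIDR IPv6 ranges from 1 to 128" in the IP bullet of the Entry parameter in Get-TenantAllowBlockListItems.md (PATCH 2/3, hunk at -97,7; the same sentence is used in the Remove- and Set- files) reads as if the ranges themselves run from 1 to 128. The example 2001:0db8::/32 in New-TenantAllowBlockListItems.md shows the number is the prefix length. Suggest "IPv6 CIDR ranges with a prefix length from 1 to 128", and end the preceding sentence fragment with a comma before "or" so the two alternatives are separable.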
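
Review bot: The sub-items under "- IP: IPv6 addresses only:" in the Entries section of New-TenantAllowBlockListItems.md (PATCH 2/3, hunk at -82,20) use a literal "•" character instead of Markdown list syntax, and the example addresses are not formatted as code. Use an indented "- " list so the items render nested under the IP bullet, and put the example values in backticks as the Sender bullet already does for `contoso.com`.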
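
Review bot: The IP bullet in the Entries section of Remove-TenantAllowBlockListItems.md (PATCH 2/3, hunk at -63,11) lists accepted formats, while the neighbouring bullets state match semantics ("The exact SHA256 file hash value", "The exact URL value"). Say whether the IP value must match the stored Value property exactly, and whether a zero-compressed form such as 2001:db8::1 matches an entry that was created in full colon-hexadecimal form. Without that, an admin cannot tell which string to pass to remove an allow entry. The same applies to the Get- and Set- files.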
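
Review bot: The rewritten DESCRIPTION paragraph in Set-TenantAllowBlockListItems.md (PATCH 2/3, hunk at -49,7) loses "Action = Allow" from the exception's parenthetical and swaps "of an existing entry" for "after you create the entry", which is the wording of the New- cmdlet. For a cmdlet that modifies entries, "of an existing entry" is the more accurate phrasing. Please confirm that dropping "Action = Allow" is intended and not a side effect of copying the sentence from New-TenantAllowBlockListItems.md.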
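
Review bot: Missing scope guidance in the NoExpiration section of Set-TenantAllowBlockListItems.md (PATCH 3/3, hunk at -143,7). The new "IP address allow entries" bullet, combined with the Entries text that accepts CIDR prefixes as short as 1, documents that a very broad IPv6 allow entry can be made permanent, and nothing in the section tells the reader how to bound that. Consider adding a sentence that recommends the narrowest prefix that covers the intended senders and a periodic review of non-expiring IP allow entries with Get-TenantAllowBlockListItems -ListType IP. The matching NoExpiration bullet added to New-TenantAllowBlockListItems.md in PATCH 1/3 would benefit from the same sentence.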