Office 365 Whitelist

Use a Microsoft 365 allow policy only when your organization requires it for internal delivery testing or controlled receiving domains. Do not use whitelisting to bypass consent, suppression, or complaint handling.

Suggested checks​

1. Verify the sender domain first.
2. Confirm SPF, DKIM, and DMARC alignment.
3. Identify the receiving tenant and policy owner.
4. Add only the required sender domain or IP range.
5. Send a test message and inspect message trace.

Exact Microsoft admin center screens change often. Confirm the current path in Microsoft documentation before changing production tenant policy.