This documentation shows how is the admin experience when blocking a spammer/phisher on the Microsoft 365 Security Portal.
1. Head over to security.microsoft.com and sign in with your account in the client's tenant.
2. On the left menu, select Policies & Rules
3. Proceed to select Threat Policies
4. Under the policies, select "Anti-spam"
5. As a default, select Anti-Spam Inbound Policy (Default)
6. Once you open the policy, go to the bottom and click on Edit allowed and blocked senders and domains
7. To add a sender to the block list, click on Manage Sender(s)
8. Click on Add Senders and with this, you will add specific senders to the policy
9. To add domains, go back to the same policy and click on Block Domains
10. Click on Add domains to include specific domains to the block list
If you still have questions, please feel to reach us at firstname.lastname@example.org