Quoted from Microsoft:
The Tenant Allow/Block List in the Microsoft Defender portal gives you a way to manually override the Defender for Office 365 or EOP filtering verdicts. The list is used during mail flow for incoming messages from external senders.
The Tenant Allow/Block List doesn’t apply to internal messages within the organization.
The Tenant Allow/Block list is available in the Microsoft Defender portal at https://security.microsoft.com > Policies & rules > Threat Policies > Tenant Allow/Block Lists in the Rules section. To go directly to the Tenant Allow/Block Lists page, use https://security.microsoft.com/tenantAllowBlockList.
In most cases, you can’t directly create allow entries in the Tenant Allow/Block List:
To allow entries in the Tenant Allow/Block List, please fllow these steps: you can’t create allow entries directly in the Tenant Allow/Block List. Instead you use the Submissions page at https://security.microsoft.com/reportsubmission to report the email, email attachment, or URL to Microsoft as Should not have been blocked (False positive).
Click on Allow email addresses or domains by submitting the email to Microsoft.
Select Type, email or URL (for domain name). Enter the email address or domain name. Check allow email…. Click Submit.
You can check the status in View what you have submitted to Microsoft or View Tenant Allow/Block List
